current-users: [Security Fix] IEEE 802.11 buffer overflows

Subject: [Security Fix] IEEE 802.11 buffer overflows
To: None <current-users@NetBSD.org>
From: Adrian Portelli <adrianp@NetBSD.org>
List: current-users
Date: 02/25/2006 01:01:59

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The FreeBSD project recently published FreeBSD-SA-06:05.80211,
describing buffer overflow vulnerabilities in IEEE802.11 FreeBSD code.

The NetBSD Security Officer team was aware of this issue, and was
notified by the researchers that NetBSD was also vulnerable.

The original advisory for this issue can be found at:

        http://www.signedness.org/advisories/sps-0x1.txt

The relevant CVE entry is CVE-2006-0226.

This vulnerability does not exist in the NetBSD 1.x, 2.x, or 3.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.

This issue was fixed in the NetBSD CVS tree on the 18th of January 2006.
Users currently running NetBSD-current are advised to update:

        sys/net80211/ieee80211_ioctl.c to version 1.28

To update from CVS, re-build, and re-install the kernel:

        # cd src
        # cvs update -d -P sys/net80211/ieee80211_ioctl.c
        # ./build.sh kernel=KERNCONF
        # mv /netbsd /netbsd.old
        # cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd
        # shutdown -r now

For more information on how to do this, see:

        http://www.NetBSD.org/guide/en/chap-kernel.html

Thanks To
=========

Karl Janmar of signedness.org for informing us of the issues.
Christos Zoulas for the fixes in NetBSD-current.


On behalf of security-officer@,

adrian.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD/6yHLc2rR0mnFJ8RAp36AJ9izYGd5+VfCc8J7siTqav4ttHLKwCgw7Yr
5VdyJgT/pkkQ3iVRK8tg/kI=
=ZSTG
-----END PGP SIGNATURE-----