CVE-2008-4395

Publication date 6 November 2008

Last updated 24 July 2024

Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

From the Ubuntu Security Team

Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.10 intrepid	Fixed 2.6.27-7.16
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not affected
linux-source-2.6.20	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not affected
	6.06 LTS dapper	Not in release
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not affected
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
linux-ubuntu-modules-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-15.40
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
linux-ubuntu-modules-2.6.24	8.10 intrepid	Not in release
	8.04 LTS hardy	Fixed 2.6.24-21.33
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-662-2
Ubuntu kernel modules vulnerability
6 November 2008

USN-662-1
Linux kernel vulnerabilities
5 November 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4395