Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi prior to 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
madwifi madwifi 0.9.0 |
||
madwifi madwifi 0.9.1 |
||
madwifi madwifi |
||
madwifi madwifi 0.9.2 |
||
madwifi madwifi 0.9.2.1 |