Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Changes from Version 1 of news/20070416/no-known-security-issues-in-v0-9-3

mrenzmann (IP:
04/16/07 14:12:31 (12 years ago)



  • news/20070416/no-known-security-issues-in-v0-9-3

    v v1  
     1= No known security issues in v0.9.3 = 
     2== For the impatient == 
     3There is currently no known security issue that needs to be addressed. Recent reports deal with a hole that has been found in December 2006, and that hole has been fixed already - make sure you have either MadWifi v0.9.2.1 or - better yet - v0.9.3 (which is the latest release at this time). 
     5== Background == 
     6On April 10, 2007 the news site [ Dark Reading] has published an article called [ Critical WiFi Bug Found on Linux]. The story deals with a remotely exploitable security issue that was discovered by Laurent Butti, a researcher from France Telecom. Maybe that rings a bell for some of you. 
     8The article is technically correct about the existence and the nature of this issue. But unfortunately it failed to make clear that the issue is [wiki:news/20061207/release-0-9-2-1-fixes-critical-security-issue known for about 4 months now] and has been fixed in [wiki:Releases/ MadWifi release v0.9.2.1] even before it was publically reported. The only hint that could be found was: 
     12"We contacted them and waited for them to patch the issue" first, he says, which they did. 
     15This one sentence was easy to miss (which, to be honest, happened to me at first) and left a bit of room for speculation. I have contacted Laurent Butti, asking him for a clarification. He immediately responded and explained that Dark Reading has interviewed him in response to [ his BlackHat Europe 2007 talk] at end of march. He clarified that the article in fact refers to [ CVE-2006-6332] which was addressed in MadWifi v0.9.2.1. Or in other words: there is no new hole in MadWifi. 
     17Other news sources, such as [,130717-pg,1/article.html] or [], managed to make it sound even more sensational by claiming that the hole has been found "'''in''' Linux" (and not '''on''', as Dark Reading wrote before). It should be a well-known fact that MadWifi is by no means part of Linux (the kernel), as it relies on a binary-only part which prevents it from being accepted for inclusion to the kernel. Let's hope that this is no indicator for the general reliability and accuracy of the security-related news they publish...  
     19If you still are unsure whether you're vulnerable please feel free to contact our [wiki:Support regular support channels].