CVE-2013-4579
Published 2013-11-20
Priority P4 · 33 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 10.21% (95.1th percentile)
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
Affected
242 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.12.8-1 (bookworm) | linux 3.12.8-1 (bookworm) |
| linux | linux_kernel | <= 3.12 | — |
CVSS provenance
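| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 7.1 | HIGH | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |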
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2014-03-07·CVSS 4.3
CVE-2013-4579 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel
Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could
exploit this flaw to cause a denial of service or host OS system crash.
(CVE-2013-6367)
Andrew Honig
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2014-03-07·CVSS 4.3
CVE-2013-4579 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine
(KVM) VAPIC synchronization operation. A local user could exploit this flaw
to gain privileges or cause a denial of service (system crash).
(CVE-2013-6368)
A flaw was discovered in the Reliable Datagram Sockets (RDS) protocol
implementation in the Linux kernel for systems that lack RDS transports. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash). (CVE
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-03-07·CVSS 4.3
CVE-2013-4579 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel
Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could
exploit this flaw to cause a denial of service or host OS system crash.
(CVE-2013-6367)
Andrew Honig reporte
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu·2014-03-07·CVSS 4.3
CVE-2013-4579 [MEDIUM] Linux kernel (Quantal HWE) vulnerabilities
Title: Linux kernel (Quantal HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel
Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could
exploit this flaw to cause a denial of service or host OS system crash.
(CVE-2013-6367)
Andrew
Ubuntu
Linux kernel (Raring HWE) vulnerabilities
vendor_ubuntu·2014-03-07·CVSS 4.3
CVE-2013-4579 [MEDIUM] Linux kernel (Raring HWE) vulnerabilities
Title: Linux kernel (Raring HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel
Virtual Machine (KVM) subsystem of the Linux kernel. A guest OS user could
exploit this flaw to cause a denial of service or host OS system crash.
(CVE-2013-6367)
Andrew
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-03-07·CVSS 4.3
CVE-2013-4579 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine
(KVM) VAPIC synchronization operation. A local user could exploit this flaw
to gain privileges or cause a denial of service (system crash).
(CVE-2013-6368)
A flaw was discovered in the Reliable Datagram Sockets (RDS) protocol
implementation in the Linux kernel for systems that lack RDS transports. An
unprivileged local user could exploit this flaw to cause a denial of
service (system crash). (CVE-2013-73
Ubuntu
Linux kernel (Saucy HWE) vulnerabilities
vendor_ubuntu·2014-02-18·CVSS 7.1
CVE-2013-4563 [HIGH] Linux kernel (Saucy HWE) vulnerabilities
Title: Linux kernel (Saucy HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFO) in
the Linux kernel. A remote attacker could exploit this flaw to cause a
denial of service (panic). (CVE-2013-4563)
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct functi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2014-02-18·CVSS 7.1
CVE-2013-4563 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFO) in
the Linux kernel. A remote attacker could exploit this flaw to cause a
denial of service (panic). (CVE-2013-4563)
Mathy Vanhoef discovered an error in the way the ath9k driver was
handling the BSSID masking. A remote attacker could exploit this error to
discover the original MAC address after a spoofing attack. (CVE-2013-4579)
Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu
function of the Kernel Virtual Machine (KVM) subsystem. A local user could
exploit this flaw to gain privileges on the host machine. (CVE-2013-4587)
Andrew Honig reported a flaw in the apic_get_tmcct function of the Ke
Red Hat
kernel: ath9k_htc driver improperly updates MAC
vendor_redhat·2013-11-14·CVSS 4.3
CVE-2013-4579 [MEDIUM] kernel: ath9k_htc driver improperly updates MAC
kernel: ath9k_htc driver improperly updates MAC
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: realtime-kernel (Red
Debian
CVE-2013-4579: linux - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_...
vendor_debian·2013·CVSS 4.3
CVE-2013-4579 [MEDIUM] CVE-2013-4579: linux - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_...
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
Scope: local
bookworm: resolved (fixed in 3.12.8-1)
bullseye: resolved (fixed in 3.12.8-1)
forky: resolved (fixed in 3.12.8-1)
sid: resolved (fixed in 3.12.8-1)
trixie: resolved (fixed in 3.12.8-1)
GHSA
GHSA-v4p7-4gcw-hc4c: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main
ghsa_unreviewed·2022-05-17
CVE-2013-4579 [MEDIUM] GHSA-v4p7-4gcw-hc4c: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
Kernel
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
kernel_security·2013-12-21·CVSS 4.3
CVE-2013-4579 [MEDIUM] Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless
John W. Linville says:
Please consider pulling this batch of fixes for the 3.13 stream...
For the mac80211 bits, Johannes says:
"Here's a fix for another potential radiotap parser buffer overrun thanks
to Evan Huus, and a fix for a cfg80211 warning in a certain corner case
(reconnecting to the same BSS)."
For the bluetooth bits, Gustavo says:
"Two patches in this pull request. An important fix from Marcel in the
permission check for HCI User Channels, there was an extra check for
CAP_NET_RAW, and it was now removed. These channels should only require
CAP_NET_ADMIN. The other patch is a device id addition."
On top of that...
Sujith Manoharan provides a workaround for a hardware problem that
ca
Kernel
ath9k_htc: properly set MAC address and BSSID mask
kernel_security·2013-11-28·CVSS 4.3
CVE-2013-4579 [MEDIUM] ath9k_htc: properly set MAC address and BSSID mask
ath9k_htc: properly set MAC address and BSSID mask
Pick the MAC address of the first virtual interface as the new hardware MAC
address. Set BSSID mask according to this MAC address. This fixes CVE-2013-4579.
Signed-off-by: Mathy Vanhoef
Signed-off-by: John W. Linville
OSV
CVE-2013-4579: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main
osv·2013-11-20·CVSS 4.3
CVE-2013-4579 [MEDIUM] CVE-2013-4579: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
No detection rules found.
Bugzilla
CVE-2013-4579 kernel: ath9k_htc driver improperly updates MAC [fedora-all]
bugzilla·2013-11-21·CVSS 4.3
CVE-2013-4579 [MEDIUM] CVE-2013-4579 kernel: ath9k_htc driver improperly updates MAC [fedora-all]
CVE-2013-4579 kernel: ath9k_htc driver improperly updates MAC [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affect
Bugzilla
CVE-2013-4579 kernel: ath9k_htc driver improperly updates MAC
bugzilla·2013-11-20·CVSS 4.3
CVE-2013-4579 [MEDIUM] CVE-2013-4579 kernel: ath9k_htc driver improperly updates MAC
CVE-2013-4579 kernel: ath9k_htc driver improperly updates MAC
Linux kernel built with the ath9k_htc (CONFIG_ATH9K_HTC) wireless driver is vulnerable to an information leakage flaw. This driver does not properly update the MAC address when the user changes it, thus leaking the same. This flaw could be used to remotely determine the original MAC address of a machine.
A user/program could use this flaw to remotely discover the original MAC address of a machine.
Reference:
-> http://www.openwall.com/lists/oss-security/2013/11/15/3
-> http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
Discussion:
Statement:
This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
---
Created kernel tracking b
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729573
http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
http://www.openwall.com/lists/oss-security/2013/11/15/3
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2133-1
http://www.ubuntu.com/usn/USN-2134-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2136-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
https://lists.ath9k.org/pipermail/ath9k-devel/2013-November/012215.html