The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2135-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2138-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2113-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2141-1 | vendor advisory |
| http://www.openwall.com/lists/oss-security/2013/11/15/3 | mailing list |
| http://www.ubuntu.com/usn/USN-2136-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2139-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2134-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2117-1 | vendor advisory |
| http://www.ubuntu.com/usn/USN-2133-1 | vendor advisory |
| http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html | exploit |
| https://lists.ath9k.org/pipermail/ath9k-devel/2013-November/012215.html | mailing list |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729573 |