
Re: Wi-Fi Bug Found in Linux

__/ [ [H]omer ] on Sunday 15 April 2007 21:15 \__

> Verily I say unto thee, that East spake thusly:
>> Wi-Fi Bug Found in Linux
>> A major Linux Wi-Fi driver contains a bug that can allow an attacker to
>> take control of a laptop--even when it is not on a Wi-Fi network.
>> Peter Judge, Techworld.com
>> Friday, April 13, 2007 01:00 PM PDT
> 
> Here's the missing URL:
> 
> http://www.techworld.com/mobility/news/index.cfm?newsID=8546&pagtype=samechan
> 
> From the exploit presentation:
> 
> #ifdef IWEVGENIE
>           memset(&iwe, 0, sizeof(iwe));
>           memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2);
>           iwe.cmd = IWEVGENIE;       ^^^^^^ (Buffer Overflow)
>           iwe.u.data.length = se->se_wpa_ie[1] + 2;
> #else
>           static const char wpa_leader[ ] = "wpa_ie=";
>           memset(&iwe, 0, sizeof(iwe));
>           iwe.cmd = IWEVCUSTOM; <--- (encode_ie() vulnerable)
>           iwe.u.data.length = encode_ie(buf, sizeof(buf),
>                     se->se_wpa_ie, se->se_wpa_ie[1] + 2,
>                     wpa_leader, sizeof(wpa_leader) - 1);
> #endif
> 
> https://www.blackhat.com/presentations/bh-eu-07/Butti/Presentation/bh-eu-07-Butti.pdf
> 
> So a vulnerability has been discovered in some Open Source code ... and
> there is *that* code for all to see (and therefore *fix*).
> 
> What does that mean in practical terms?
> 
> "We contacted Madwifi team on December, 5th
> They released a patched package (0.9.2.1) on December, 6th"
> 
> And where is the source for all the tens of thousands of *Windows*
> vulnerabilities? And how long does it take Microsoft to fix *them*?
> 
> Thanks for demonstrating yet another way in which FOSS is superior to
> proprietary software.

This thing has been blown out of proportion, just like that so-called iPod
virus. I posted a reply to Linonut before I saw yours.

It's not as though XP hasn't had this type of issue as well, _and_ it was
unpatched for a long time (many XP machines are still under threat). See:

The Critical XP Wi-Fi Patch You Need Today

,----[ Quote ]
| Here's a worrying thought for you: your users risk compromising
| your corporate network every time they step out of the office
| with their laptop. And that's without even using a public Wi-Fi
| spot to connect to the Internet.
`----

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3668406

-- 
                ~~ With kind regards

Roy S. Schestowitz      |    $> sudo root; cd /; rm -rf *.doc
http://Schestowitz.com  |     GNU/Linux     |     PGP-Key: 0x74572E8E
Swap:  1036184k total,   433444k used,   602740k free,    37760k cached
      http://iuron.com - next generation of search paradigms
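
Added example, not part of the original post and not the Madwifi project's patch: the quoted `memcpy` takes its length from `se->se_wpa_ie[1]`, a byte supplied by the received frame, so the copy needs a check against the destination size before it runs. The function names, the `IE_BUF_LEN` value and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_BUF_LEN 64 /* assumed destination size; the post does not give the real one */

/* Bounds-checked form of the quoted copy. ie points at a WPA information
 * element (id byte, length byte, payload); ie_avail is how many bytes of the
 * received frame remain at ie. Returns bytes copied, or 0 if the IE is rejected. */
size_t copy_wpa_ie_checked(uint8_t *out, size_t out_len,
                           const uint8_t *ie, size_t ie_avail)
{
    size_t need;

    if (out == NULL || ie == NULL || ie_avail < 2)
        return 0;                 /* no room for the id and length bytes */
    need = (size_t)ie[1] + 2;     /* same expression as se_wpa_ie[1] + 2 */
    if (need > ie_avail)          /* IE claims more data than the frame holds */
        return 0;
    if (need > out_len)           /* copy would run past the destination */
        return 0;
    memcpy(out, ie, need);
    return need;
}

/* Constructed sample: build an IE with the given length byte and try to copy it. */
size_t try_ie(uint8_t len_byte)
{
    uint8_t frame[257];           /* 2 header bytes + up to 255 payload bytes */
    uint8_t buf[IE_BUF_LEN];

    memset(frame, 0xAA, sizeof(frame));
    frame[0] = 0xDD;              /* vendor-specific element id, used by WPA IEs */
    frame[1] = len_byte;          /* length field taken from the air, untrusted */
    return copy_wpa_ie_checked(buf, sizeof(buf), frame, sizeof(frame));
}

int main(void)
{
    printf("len=22  -> copied %zu\n", try_ie(22));   /* fits: 24 bytes */
    printf("len=62  -> copied %zu\n", try_ie(62));   /* exactly fills buf */
    printf("len=255 -> copied %zu\n", try_ie(255));  /* rejected: 257 > 64 */
    return 0;
}
```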
