On 2007-04-15, East <me@xxxxxxxxxxx> claimed:
> Wi-Fi Bug Found in Linux
> A major Linux Wi-Fi driver contains a bug that can allow an attacker to take
> control of a laptop--even when it is not on a Wi-Fi network.
> Peter Judge, Techworld.com
> Friday, April 13, 2007 01:00 PM PDT
>
> A bug has been found in a major Linux Wi-Fi driver that can allow an attacker
> to take control of a laptop -- even when it is not on a Wi-Fi network.
>
> There have not been many Linux Wi-Fi device drivers, and this is apparently
> the first remotely executable Wi-Fi bug. It affects the widely used MadWi-Fi
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Sweet!
> Linux kernel device driver for Atheros-based Wi-Fi chipsets, according to
> Laurent Butti, a researcher from France Telecom Orange, who found the flaw and
> released the information in a presentation at last month's Black Hat
> conference in Amsterdam.
>
> "You may be vulnerable if you do not manually patch your MadWi-Fi driver,"
> said Butti. Before making it public, he shared the flaw with the MadWi-Fi
> development team, who have released a patch. However, not all Linux
> distributions have yet built the patch into their code, said Butti.
>
> The kernel stack-overflow bug lets an attacker run malicious code, and can be
> used even if the machine is not actively on a Wi-Fi network, according to
> Butti, who used "fuzzing" techniques which had been shown by David Maynor and
> "Johnny Cache" Jon Ellch, at last year's Black Hat USA conference, and
> previously exploited on Windows and Macintosh systems.
>
> Linux users have previously suffered from a shortage of Linux drivers, and
> have campaigned to get wireless networks supported in the Linux kernel. With
> fewer Linux laptops on Wi-Fi networks, security experts -- and presumably
> hackers -- have taken longer to get round to Linux drivers, but issue of
> handling remote data at the kernel level can cause trouble on the open source
> OS just as easily as any other.
>
> Butti has previously developed the RAW series of proof-of-concept hacker
> tools. He also found the Windows Wi-Fi flaw by fuzzing, during the Month of
> Kernel Bugs last year.
>
> Fuzzing is a blessing, according to Butti, because it is a low-cost way for
> security researchers to uncover obvious bugs that may get overlooked, and
> exploited by hackers. In future, he expects fuzzing to reveal bugs in other
> wireless technologies like WiMax, and wireless USB, as well as many more bugs
> in the extensions that are regularly added to Wi-Fi.
Nice URL.
Here's another rendering (with a link to it, too):
http://www.darkreading.com/document.asp?doc_id=121536&f_src=darkreading_informationweek
http://tinyurl.com/2gyt7l
Laurent Butti, senior security expert for France Telecom's Orange
R&D, says all it takes is the client machine's NIC to be activated
and perform its automated scanning feature for WiFi access points in
range, and the vulnerability is triggered. The attacker initially
must be in wireless range of the victim for the code to execute the
exploit, he says.
Sounds like the bad guys won't have a lot of time to catch it before it
gives up or makes a connection.
And another piece (with URL):
http://www.linuxsecurity.com/content/view/127771/
Laurent Butti, senior security expert for France Telecom's Orange
R&D, says all it takes is the client machine's NIC to be activated
and perform its automated scanning feature for WiFi access points in
range, and the vulnerability is triggered. The attacker initially
must be in wireless range of the victim for the code to execute the
exploit, he says.
Uh huh. Needs to happen during "automated scanning" which I suspect a
great many linux users won't use at home, though they might on the
road.
And still another (azmingly, it has a link, too):
http://www.speedguide.net/read_news.php?id=2306
A researcher from France Telecom has discovered the first remotely
exploitable 802.11 WiFi bug on a Linux machine. The kernel
stack-overflow bug, which is in the open-source MadWiFi Linux kernel
device driver, lets an attacker run malicious code remotely on an
infected machine -- and the infected machine doesn't even have to be
on a WiFi network to get "owned."
The *FIRST* remotely exploitable 802.11 WiFi bug on a linux machine?
How many does Windross have? Hundreds? Dozens (at least)? Thousands?
For how many different wireless drivers? Just one class, like this one?
Or multiples?(1)
Anyway, it's nice it's been found. I remember a patch related to
MadWiFi awhile back, too. Probably the fix for this is my guess. I
don't use it though, and that reminded me that I needed to uninstall
it.
I found the link you failed to provide, BTW:
http://www.techworld.com/mobility/news/index.cfm?newsID=8546&pagtype=samechan
http://tinyurl.com/27mcu3
(1) Or even multiples of multiples of multiples.
--
Windows: In what position would you like to be taken today?
|
|
