Laurent Butti, a researcher from France Telecom Orange, found a flaw in a major Linux Wi-Fi driver that can allow an attacker to take control of a laptop, even when it is not on a Wi-Fi network. At last month's Black Hat conference in Amsterdam, he detailed the flaw, saying it affects the widely used MadWifi Linux kernel device driver for Atheros-based Wi-Fi chipsets. "You may be vulnerable if you do not manually patch your MadWifi driver," said Butti. Before making it public, he shared the flaw with the MadWifi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.
There have not been many Linux Wi-Fi device drivers, and this is apparently the first remotely executable Wi-Fi bug. The kernel stack-overflow bug lets an attacker run malicious code and can be used even if the machine is not actively on a Wi-Fi network, according to Butti. He found it using "fuzzing" techniques that had been shown by David Maynor and "Johnny Cache" Jon Ellch at last year's Black Hat USA conference and previously exploited on Windows and Macintosh systems.
News source: PC World

Now some people know how it feels when OS security issues get mistaken for driver security issues.
Quick, run windows update and get the latest patch.... oh wait.
Nothing is better than using an OS which is full of 0.2.8 alpha components. But at least it is open-source so a 12 year old script kiddie can make a fine "update" for your system, and don't forget: it is free, you can "freely" spend weeks inside slovak/german/spanish/korean forums to make your hardware work as it should. Hurray for the penguin.
good:- they released patch too.
best:- don't use madwifi driver at all
I guess if you look at it from a basic wireless user's point of view, I can see why you would think they are good. But in reality, the Intel wireless stuff is very basic and doesn't even provide full 802.11 functionality.
===============================
suse@susebox:~> dmesg | grep atheros
suse@susebox:~> dmesg | grep intel
intel_rng: FWH not detected
ieee80211: Copyright © 2004-2005 Intel Corporation <jketreno@linux.intel.com>
suse@susebox:~>
==============================
This tells me I got no prob.
interesting
Land of rednecks, hicks, and cowboys. Most people here don't even know how to run windows, let alone know how to do anything destructive, especially to a small remote flaw in linux. Even if there were quite a few linux users and more savvy people around I wouldn't be TOO worried (though I'd probably patch anyways), just because it's one specific driver and not everyone uses it. It'd be kind of a complete waste of time (not to mention usually obvious) to hunt those specific people who use this chipset and haven't patched.
Surely also this bug will only affect the current user, so you'd have to be an idiot and logged in as root for it to do any serious damage?
cd /usr/src/linux/lin*r5*
#make menuconfig
Nope, nothing there.
I can write a malicious driver for Windows. Does that in itself mean there's a security bug in Windows?
This is just a headline, and therefore hits and revenue grabbing exercise!
First off, this vulnerability is more than four months old, being publicly known from the 6th December 2006 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332 .
And, more importantly, as others have said, it is not a bug in Linux (the kernel) rather one in a third party driver.
Similar flaws have been found in Intel, Broadcom and Atheros drivers under the Windows platform, but reporters didn't go around claiming "Wi-Fi Bug Found in Windows".
Not impressed...
Wow, your lack of knowledge is sad...it's not a linux problem, but a 3rd party driver problem. Would you blame Microsoft if your usb scanner driver had a security hole?
Well, your lack of sarcasm is sad.
So right away you just presume I use Windows? All I can say to you is go to hell.
I don't see any sarcasm there, rather, you trying to cover up FUD that you posted. Think before you post. And telling me to go to hell just proves that you know nothing about the subject and are trying to avoid a fact-based argument in order to avoid showing your lack of knowledge.