Wi-Fi Bug Found in Linux

Laurent Butti, a researcher from France Telecom Orange, found a flaw in a major Linux Wi-Fi driver that can allow an attacker to take control of a laptop – even when it is not on a Wi-Fi network. At last month's Black Hat conference in Amsterdam, he detailed the flaw, saying it affects the widely used MadWifi Linux kernel device driver for Atheros-based Wi-Fi chipsets. "You may be vulnerable if you do not manually patch your MadWifi driver," said Butti. Before making it public, he shared the flaw with the MadWifi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.

There have not been many Linux Wi-Fi device drivers, and this is apparently the first remotely executable Wi-Fi bug. The kernel stack-overflow bug lets an attacker run malicious code and can be used even if the machine is not actively on a Wi-Fi network, according to Butti. He used "fuzzing" techniques that had been shown by David Maynor and "Johnny Cache" Jon Ellch at last year's Black Hat USA conference and previously used against Windows and Macintosh systems.

News source: PC World


21 Comments


tunafish said,
oh noes the linux os got a bug, go cry elsewhere as that's what's irking me

Wow, your lack of knowledge is sad...it's not a linux problem, but a 3rd party driver problem. Would you blame Microsoft if your usb scanner driver had a security hole?

zivan56 said,

Wow, your lack of knowledge is sad...it's not a linux problem, but a 3rd party driver problem. Would you blame Microsoft if your usb scanner driver had a security hole? :rolleyes:

well your lack of sarcasm is sad
so right away you just presume i use windows? all i can say to you is go to hell

tunafish said,

well your lack of sarcasm is sad
so right away you just presume i use windows? all i can say to you is go to hell

I don't see any sarcasm there, rather, you trying to cover up FUD that you posted. Think before you post. And telling me to go to hell just proves that you know nothing about the subject and are trying to avoid a fact based argument in order to avoid showing your lack of knowledge.

Pathetic. This type of reporting really, really irks me as it is pure FUD.

This is just a headline, and therefore hits and revenue grabbing exercise!

First off, this vulnerability is more than four months old, being publicly known from the 6th December 2006 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332 .

And, more importantly, as others have said, it is not a bug in Linux (the kernel) rather one in a third party driver.

Similar flaws have been found in Intel, Broadcom and Atheros drivers under the Windows platform, but reporters didn't go around claiming "Wi-Fi Bug Found in Windows"

Not impressed...

Wait a minute, MadWi-Fi? Where's that?

cd /usr/src/linux/lin*r5*
#make menuconfig

Nope, nothing there.

I can write a malicious driver for Windows. Does that in itself mean there's a security bug in Windows?

Hmm, I don't use MadWifi, but uhh, isn't this a bug in MADWIFI, not a bug in Linux, that'd be like you posting a flaw in say intel wifi drivers as "Wi-Fi Bug Found in Windows" ?

Surely also this bug will only affect the current user, so you'd have to be an idiot and logged in as root for it to do any serious damage?

I use the madwifi drivers, and honestly, I'm not the least bit concerned with patching this. It'll get automatically included in an update and I'll never have to worry about it. Nobody in any sort of proximity has any clue what linux actually is, let alone how to exploit this bug.

Not to sound like a jerk - I use Linux, but not as my main OS - this is one of the things about Linux users that bug me. You're so sure that your systems will never get hacked or anything. You're too sure of Linux. Now this flaw has been made public. It now puts you at risk. Not saying you'll get hacked by someone, it's actually a rare thing for most users of any OS who know what they're doing. I'm just saying, you shouldn't be so confident simply because you're using Linux.

I'm confident because I live in Red Deer, Alberta, Canada

Land of rednecks, hicks, and cowboys. Most people here don't even know how to run windows, let alone know how to do anything destructive, especially to a small remote flaw in linux. Even if there were quite a few linux users and more savvy people around I wouldn't be TOO worried (though I'd probably patch anyways), just because it's one specific driver and not everyone uses it. It'd be kind of a complete waste of time (not to mention usually obvious) to hunt those specific people who use this chipset and haven't patched.

nice:- it's not linux kernel bug but third party one
good:- they released patch too.
best:- don't use madwifi driver at all intel wifi chip da best.

You are joking, right? The Atheros chips are among the best, and have been used for years for very long distance communication (50+km). In fact, almost all industry wifi networks use their chips. The Linux drivers, although partially closed source, are the best wireless drivers out there. The Intel drivers and chips on the other hand are crap. For starters, they don't support anything but ad-hoc and managed mode.
I guess if you look at it from a basic wireless user's point of view, I can see why you would think they are good. But in reality, the Intel wireless stuff is very basic and doesn't even provide full 802.11 functionality.

zivan56 said,
You are joking, right? The Atheros chips are among the best, and have been used for years for very long distance communication (50+km). In fact, almost all industry wifi networks use their chips. The Linux drivers, although partially closed source, are the best wireless drivers out there. The Intel drivers and chips on the other hand are crap. For starters, they don't support anything but ad-hoc and managed mode.
I guess if you look at it from a basic wireless user's point of view, I can see why you would think they are good. But in reality, the Intel wireless stuff is very basic and doesn't even provide full 802.11 functionality.

===============================

suse@susebox:~> dmesg | grep atheros
suse@susebox:~> dmesg | grep intel
intel_rng: FWH not detected
ieee80211: Copyright © 2004-2005 Intel Corporation <jketreno@linux.intel.com>
suse@susebox:~>

==============================

This tells me i got no prob.

First off, Intel chips are not that great. Computer manufacturers just use them because they are cheap and they work. Google Atheros, and see how many people switched from Intel to Atheros and noticed a HUGE improvement and that they are never using Intel again. Atheros chips have so many configurations. Check out stealth mode. With the right card and access point, and a little work, it is possible to create an access point that is undetectable. I'm not talking about hiding the SSID, with this NO ONE but you can see it.

S7un7 said,
First off, Intel chips are not that great. Computer manufacturers just use them because they are cheap and they work. Google Atheros, and see how many people switched from Intel to Atheros and noticed a HUGE improvement and that they are never using Intel again. Atheros chips have so many configurations. Check out stealth mode. With the right card and access point, and a little work, it is possible to create an access point that is undetectable. I'm not talking about hiding the SSID, with this NO ONE but you can see it.

interesting

<SARCASM>Mmm I thought Linux didn't have bugs....</SARCASM> ;)

Now some people know how it feels when OS security issues get mistaken for driver security issues.

Quick, run windows update and get the latest patch.... oh wait.

Correct Ricardo

Nothing is better than using an OS which is full of 0.2.8 alpha components. But at least it is open-source so a 12 year old script kiddie can make a fine "update" for your system, and don't forget: it is free, you can "freely" spend weeks inside slovak/german/spanish/korean forums to make your hardware work as it should. Hurray for the penguin.