Laurent Butti, a researcher from France Telecom Orange, found a flaw in a major Linux Wi-Fi driver that can allow an attacker to take control of a laptop – even when it is not on a Wi-Fi network. At last months Black Hat conference in Amsterdam, he detailed the flaw saying it affects the widely used MadWi-Fi Linux kernel device driver for Atheros-based Wi-Fi chipsets. "You may be vulnerable if you do not manually patch your MadWi-Fi driver," said Butti. Before making it public, he shared the flaw with the MadWi-Fi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.
There have not been many Linux Wi-Fi device drivers, and this is apparently the first remotely executable Wi-Fi bug. The kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not actively on a Wi-Fi network, according to Butti, who used "fuzzing" techniques which had been shown by David Maynor and "Johnny Cache" Jon Ellch, at last years Black Hat USA conference, and previously exploited on Windows and Macintosh systems.
News source: PC World