__/ [ [H]omer ] on Sunday 15 April 2007 21:15 \__
> Verily I say unto thee, that East spake thusly:
>> Wi-Fi Bug Found in Linux
>> A major Linux Wi-Fi driver contains a bug that can allow an attacker to
>> take control of a laptop--even when it is not on a Wi-Fi network.
>> Peter Judge, Techworld.com
>> Friday, April 13, 2007 01:00 PM PDT
>
> Here's the missing URL:
>
> http://www.techworld.com/mobility/news/index.cfm?newsID=8546&pagtype=samechan
>
> From the exploit presentation:
>
> #ifdef IWEVGENIE
> memset(&iwe, 0, sizeof(iwe));
> memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2);
> iwe.cmd = IWEVGENIE; ^^^^^^ (Buffer Overflow)
> iwe.u.data.length = se->se_wpa_ie[1] + 2;
> #else
> static const char wpa_leader[ ] = "wpa_ie=";
> memset(&iwe, 0, sizeof(iwe));
> iwe.cmd = IWEVCUSTOM; <--- (encode_ie() vulnerable)
> iwe.u.data.length = encode_ie(buf, sizeof(buf),
> se->se_wpa_ie, se->se_wpa_ie[1] + 2,
> wpa_leader, sizeof(wpa_leader) - 1);
> #endif
>
> https://www.blackhat.com/presentations/bh-eu-07/Butti/Presentation/bh-eu-07-Butti.pdf
>
> So a vulnerability has been discovered in some Open Source code ... and
> there is *that* code for all to see (and therefore *fix*).
>
> What does that mean in practical terms?
>
> "We contacted Madwifi team on December, 5th
> They released a patched package (0.9.2.1) on December, 6th"
>
> And where is the source for all the tens of thousands of *Windows*
> vulnerabilities? And how long does it take Microsoft to fix *them*?
>
> Thanks for demonstrating yet another way in which FOSS is superior to
> proprietary software.
This thing has been blown out of proportion, just like that so-called iPod
virus. I posted a reply to Linonut before I saw yours.
It's not as though XP hasn't had this type of issue as well, _and_ it was
unpatched for a long time (many XP machines are still under threat). See:
The Critical XP Wi-Fi Patch You Need Today
,----[ Quote ]
| Here's a worrying thought for you: your users risk compromising
| your corporate network every time they step out of the office
| with their laptop. And that's without even using a public Wi-Fi
| spot to connect to the Internet.
`----
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3668406
--
~~ With kind regards
Roy S. Schestowitz | $> sudo root; cd /; rm -rf *.doc
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1036184k total, 433444k used, 602740k free, 37760k cached
http://iuron.com - next generation of search paradigms
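
The `memcpy` quoted above uses the element's own length byte (`se->se_wpa_ie[1] + 2`, so up to 257 bytes) as the copy size into a fixed buffer. The following is an added example, not part of either post and not Madwifi's actual patch, showing the length check that pattern needs; `copy_ie_checked`, `IE_BUF_LEN` and the sample elements are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_BUF_LEN 64 /* constructed size; the post does not give the driver's */

/* Copy one information element (ID byte, length byte, body) into dst.
 * ie_avail is how many bytes of the element were actually received.
 * Returns the number of bytes copied, or -1 if the element is malformed
 * or would not fit in dst. */
int copy_ie_checked(uint8_t *dst, size_t dst_len,
                    const uint8_t *ie, size_t ie_avail)
{
    size_t total;

    if (ie == NULL || ie_avail < 2)
        return -1;                 /* no room for the ID and length bytes */
    total = (size_t)ie[1] + 2;     /* same expression as the quoted code */
    if (total > ie_avail)
        return -1;                 /* declared length runs past received data */
    if (total > dst_len)
        return -1;                 /* would overflow the destination buffer */
    memcpy(dst, ie, total);
    return (int)total;
}

/* Constructed sample: element ID 0xdd with a 24-byte body, fits in 64. */
int demo_well_formed(void)
{
    uint8_t ie[26] = { 0xdd, 24 }, buf[IE_BUF_LEN];
    return copy_ie_checked(buf, sizeof(buf), ie, sizeof(ie));
}

/* Constructed sample: length byte 0xff means 257 bytes, more than buf holds. */
int demo_oversized(void)
{
    uint8_t ie[257] = { 0xdd, 0xff }, buf[IE_BUF_LEN];
    return copy_ie_checked(buf, sizeof(buf), ie, sizeof(ie));
}

int main(void)
{
    printf("well-formed: %d\n", demo_well_formed());
    printf("oversized:   %d\n", demo_oversized());
    return 0;
}
```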