New bug found in MadWiFi Linux kernel driverBest Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
HOME TIPS NEWS TOOLS DOWNLOADS VIRUS & SPYWARE FORUM BOOKS FREE MAGAZINES & PAPERS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
Microsoft Office Attacks
Improve Security of Send...
Norton Internet Security...
Top 5 Web Surfing Protec...
10 Email Fight Club rule...
How to Stay Safe on Soci...
How To Prevent Corrupted...
Top 5 Privacy Protection...
DNS Servers Attacks
When You Cannot Remove S...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Halifax Online Banking Security Measures.
2008/7/20 7:00:00
Our New Security Measures
2008/7/20 7:00:00
Important Security Notice
2008/7/20 7:00:00
Internet Banking Security
2008/7/20 7:00:00
Halifax Bank - Access Suspended:
2008/7/20 7:00:00
Downloads
 0.Fx MPEG Suite
 1.Daniusoft Video to MP4 Converter
 2.iProtectYou
 3.Deep Ball Defender
 4.Amazing Parrots Screensaver
 5.FlashCam Rebroadcasting server
 6.MysqlDataBackupTool
 7.Photo-Paint 9 script converter
 8.Fast PDF converter
 9.Apex iPod Video Converter Home Edition
RSS / Atom Feeds
Linux Security : New bug found in MadWiFi Linux kernel driver
Posted by Max on 2007/4/17 16:30:14 (893 reads)
Linux Security

A software bug  has been found in MadWiFi Linux  kernel driver that can allow a hacker to take control of a laptop - even when it is not hooked on a WiFi network.

There have not been many Linux WiFi device drivers, and this is actually the first remotely executable WiFi bug. It affects the broadly used MadWiFi Linux kernel device driver for Atheros-based WiFi chipsets, according to Laurent Butti, a security researcher from France Telecom Orange, who found the flaw and released the news  in a presentation  at last month's Black Hat conference in Amsterdam.


"You may be vulnerable if you do not manually patch your MadWiFi driver," said Butti. Before making it public, he shared the flaw with the MadWiFi development team, who have released a patch. However, not all Linux distributions have yet built the patch into their code, said Butti.

The kernel stack-overflow bug lets an attacker run malicious code, and can be used even if the machine is not actively on a WiFi network, according to Butti, who used "fuzzing" techniques which had been shown by David Maynor and "Johnny Cache" Jon Ellch, at last year's Black Hat USA conference, and previously exploited on Windows and Macintosh systems.

Linux users have previously suffered from a shortage of Linux drivers, and have campaigned to get wireless networks supported in the Linux kernel. With fewer Linux laptops on WiFi networks, security experts - and presumably hackers - have taken longer to get round to Linux drivers, but issue of handling remote data at the kernel level can cause trouble on the open source OS just as easily as any other.

Butti has previously developed the RAW series of proof-of-concept hacker tools. He also found the Windows WiFi flaw by fuzzing, during the Month of Kernel Bugs last year.

Fuzzing is a blessing, according to Butti, because it is a low-cost way for security researchers to uncover obvious bugs that may get overlooked, and exploited by hackers.

In future, he expects fuzzing to reveal bugs in other wireless technologies like WiMax, and wireless USB, as well as many more bugs in the extensions that are regularly added to WiFi.



Other articles
2008/7/18 14:34:52 - Symantec Releases Public Betas of Norton Internet Security 2009, Norton AntiVirus 2009
2008/7/18 14:10:39 - Agent.JEN Trojan spreads trough fake UPS Emails
2008/7/16 0:09:34 - How Cybercrime Became a Booming Business - Finjan Q2 2008 Web Security Trends Report
2008/7/14 7:20:37 - Gmail Is Free of eBay and PayPal Phishing - Forever !
2008/7/14 1:43:11 - New iPhone 3G Web Security Application

The comments are owned by the poster. We aren't responsible for their content.



 

HOME | NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | SECURITY BOOKS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Nov '07 | Dec '07 | Jan '08 | Feb '08 | Mar '08 | Apr '08 | May '08 | Jun '08 
Best Security Downloads offers 4000+ free and free to try security downloads