Wednesday, November 5, 2008

Remote Buffer Overflow Bug in Linux Wireless NDISWrapper Kernel Driver

Via ZDNet -

A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.

This from the Gentoo bug report:

  • Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.

Secunia rates this a “moderately critical” vulnerability:

  • The vulnerability is caused due to a boundary error in the ndiswrapper kernel driver when processing wireless network packets. This can be exploited to cause a buffer overflow via an overly long ESSID (Extended Service Set Identifier). Successful exploitation may allow execution of arbitrary code.

The vulnerability (CVE-2008-4395) affects Linux Kernel 2.6.27. As a temporary mitigation, Linux users should disable wireless network card that are not in use.

No comments:

Post a Comment