LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Press page

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Remotely executable Wi-Fi bug found in Linux (ComputerWorld)

[Posted April 16, 2007 by ris]

ComputerWorld reports on an exploitable bug in the MadWi-Fi Linux kernel device driver for Atheros-based Wi-Fi chipsets. "A bug has been found in a major Linux Wi-Fi driver that can allow an attacker to take control of a laptop -- even when it is not on a Wi-Fi network. There have not been many Linux Wi-Fi device drivers, and this is apparently the first remotely executable Wi-Fi bug. It affects the widely used MadWi-Fi Linux kernel device driver for Atheros-based Wi-Fi chipsets, according to Laurent Butti, a researcher from France Telecom Orange, who found the flaw and released the information in a presentation at last month's Black Hat conference in Amsterdam." (Thanks to Duncan)
(Log in to post comments)

Remotely executable Wi-Fi bug found in Linux (ComputerWorld)

Posted Apr 16, 2007 18:37 UTC (Mon) by arekm (subscriber, #4846) [Link]

madwifi driver doesn't exist in linux kernel, it's EXTERNAL driver. It's like saying ,,major flaw found in Windows'' and pointing to ati driver.

"No known security issues in v0.9.3"

Posted Apr 16, 2007 18:42 UTC (Mon) by paravoid (subscriber, #32869) [Link]

madwifi.org provides some insight:
http://madwifi.org/wiki/news/20070416/no-known-security-i...

To summarize:
- The security hole was found _on_ Linux, not "*in* Linux", since madwifi is not included in the mainline kernel
- The security hole is known for 4 months and it was fixed (in version 0.9.2.1) before it was publicly announced

"No known security issues in v0.9.3"

Posted Apr 16, 2007 20:14 UTC (Mon) by NightMonkey (subscriber, #23051) [Link]

So, if the fix version (0.9.2.1) is correct, this means that this was fixed on my Gentoo-powered laptop on Sunday December 10, 2006. I'd like to think that the major distros fixed it within a month or so of that release. So why is this news now?

If it is because it *wasn't* in major distros package DBs (in stable), then why not?

"No known security issues in v0.9.3"

Posted Apr 17, 2007 5:38 UTC (Tue) by wblew (subscriber, #39088) [Link]

Because it sells subscriptions to the credulous?

"No known security issues in v0.9.3"

Posted Apr 17, 2007 10:59 UTC (Tue) by Los__D (subscriber, #15263) [Link]

Who, ComputerWorld, or the major commercial distributions, or both? ;)

Remotely executable Wi-Fi bug found in Linux (ComputerWorld)

Posted Apr 17, 2007 2:36 UTC (Tue) by kitterma (guest, #4448) [Link]

I don't know about other distros, but Ubuntu dealt with this back in January:

http://www.ubuntu.com/usn/usn-404-1

Remotely executable Wi-Fi bug found in Linux (ComputerWorld)

Posted Apr 17, 2007 7:05 UTC (Tue) by tomas2 (guest, #37038) [Link]

Just for the record, as they say...

This was fixed in Debian back in december 2006.
http://packages.debian.org/changelogs/pool/non-free/m/mad...

(Seems that the fixed package took the unstable -> testing route,
as madwifi wasn't included in Sarge that was the stable distribution
back then.)

Tomas

Remotely executable Wi-Fi bug found in Linux (ComputerWorld)

Posted Apr 18, 2007 2:41 UTC (Wed) by kitterma (guest, #4448) [Link]

Absolutely. The point being it's much ado about nothing much any more.

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds