Code Execution Bug In Broadcom Wi-Fi Driver
2U*U2 writes to mention an EWeek article about an entry in the Month of Kernel Bugs. John Ellch has discovered a critical vulnerability in the Broadcom wireless driver: a driver used in machines from HP, Dell, Gateway, and eMachines. From the article: "[The bug] is a stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver that could be exploited by attackers to take complete control of a Wi-Fi-enabled laptop. The vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field and can lead to arbitrary kernel-mode code execution. The volunteer ZERT (Zero Day Emergency Response Team) warns that the flaw could be exploited wirelessly if a vulnerable machine is within range of the attacker."
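An added example, not code from the article or from the Broadcom driver: a bounds-checked C parser for the SSID element of a probe response, showing the length validation whose absence the summary describes. The function names, status codes and sample element lists are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID of the SSID element */
#define SSID_MAX_LEN 32  /* longest SSID the 802.11 standard allows */

enum { SSID_OK = 0, SSID_MISSING = -1, SSID_TOO_LONG = -2, IE_TRUNCATED = -3 };

/* Constructed sample element lists (not captured traffic). */
static const uint8_t sample_ok[]    = { 0x00, 4, 'h', 'o', 'm', 'e', 0x01, 1, 0x82 };
static const uint8_t sample_long[2 + 33] = { 0x00, 33 };      /* 33-byte SSID, zero filled */
static const uint8_t sample_trunc[] = { 0x00, 16, 'a', 'b' }; /* claims 16 bytes, has 2 */

/* Walk the ID/length/value elements and copy the SSID into a fixed
 * 32-byte buffer. The length byte comes from the air and can be up
 * to 255, so it is checked against both the frame and the buffer
 * before any copy happens. */
int parse_ssid(const uint8_t *ies, size_t ies_len,
               uint8_t out[SSID_MAX_LEN], size_t *out_len)
{
    size_t off = 0;
    while (off + 2 <= ies_len) {
        uint8_t id = ies[off], len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)
            return IE_TRUNCATED;      /* element runs past the end of the frame */
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)
                return SSID_TOO_LONG; /* would overflow the fixed buffer: drop the frame */
            memcpy(out, ies + off, len);
            *out_len = len;
            return SSID_OK;
        }
        off += len;
    }
    return SSID_MISSING;
}

/* Convenience wrapper: status only, SSID copied to a local buffer. */
int ssid_status(const uint8_t *ies, size_t ies_len)
{
    uint8_t ssid[SSID_MAX_LEN];
    size_t n = 0;
    return parse_ssid(ies, ies_len, ssid, &n);
}

int main(void) { return ssid_status(sample_ok, sizeof sample_ok) == SSID_OK ? 0 : 1; }
```

A frame that returns `SSID_TOO_LONG` or `IE_TRUNCATED` is malformed and worth logging as well as dropping.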
Kind of makes me glad I've got homeplug.. (Score:3, Interesting)
Re:NDISWrapper (Score:2, Interesting)
Don't quote me. I don't have a Broadcom wireless.
Anyway the flaw wouldn't affect Linux systems. Why? Different kernel.
Re:NDISWrapper (Score:3, Interesting)
Re:So... (Score:3, Interesting)
Re:"BCMWL5.SYS" (Score:3, Interesting)
Re:So... (Score:4, Interesting)
"He still hasn't disclosed any information on a bug in apple-supplied wireless drivers for apple-supported wireless devices..."
Nor are they obligated to. Odds are that the presentation had the desired effect and there was no need to proceed further.
"...even though he was offered stuff for actually proving what he'd said (John Gruber, for example, offered to give him two brand-new fresh-out-of-the-box macbooks if he managed to hack them)"
No, here's the link:
http://daringfireball.net/2006/09/open_challenge [daringfireball.net]
Gruber challenged them to hack a macbook (not two) with many stipulations. The challenge was to be videotaped and the conditions were not under the control of the hackers. If the challenge was not met, the hackers would have to pay for the machine. The results of the videotaping were the property of John Gruber.
There are plenty of reasons for not accepting the challenge. They may have felt that there would be too much risk that they didn't want to accept, they may have not given a shit about John Gruber (likely), they may not have wanted to contribute to his pro-Apple site, or they may have had no interest in the lame reward offered. A macbook may be exciting to you and John Gruber but probably not to them.
Just because additional details were not provided on demand to Apple loyalists does not mean that vulnerabilities didn't exist. IMO the test configuration was chosen because it was the easiest one to demonstrate the flaw. That doesn't mean it's the only one that contains the flaw though Apple apologists have always insisted otherwise.
It works because it's free and it can, Re:Linux (Score:2, Interesting)
Does my "reverse engineered" linux driver have this bug?
Probably not. If it does, it will be fixed soon.
Why is it that a bunch of people who don't get paid come up with bug-free solutions?
It gets fixed because it's free and therefore it can be. Non-free software writers put up with NDAs and code they can't share even if they wanted to. Their code is owned and so their effort and good will is likewise owned. Free software writers are free to share their tools as well as their improvements, so it's much easier to help your friends.
By the way, there's no law against being paid to write free software. With all the tools available, free software writers can get the job done faster and for less money. That's something worth paying for and many people do. The vast majority of software jobs are in house, so GPL distribution conditions never take effect and are not an issue. It would be better to share the work with others if you can, but you don't have to and often can't under those circumstances and there is therefore no difference at all between your choice of tools besides the lower cost of the free tools.