Wednesday, 18 January 2006

Real Wireless Vulnerability

At ShmooCon one talk discussed a somewhat obvious and not that exciting (to me) feature of Windows wireless networking. I don't consider automatic network connectivity to be a vulnerability, only a bad design choice. However, this morning I read this advisory on a real wireless vulnerability in FreeBSD's (and possibly other BSDs') wireless code. From the advisory:


II. Problem Description

An integer overflow in the handling of corrupt IEEE 802.11 beacon or
probe response frames when scanning for existing wireless networks can
result in the frame overflowing a buffer.

III. Impact

An attacker able to broadcast a carefully crafted beacon or probe response
frame may be able to execute arbitrary code within the context of the
FreeBSD kernel on any system scanning for wireless networks.

That's cool. Insert wireless NIC, be 0wn3d. I'm glad I heard about this prior to Black Hat Federal next week.
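The advisory attributes the overflow to length handling while parsing beacon and probe response frames. As an added illustration (not code from the advisory or from FreeBSD, and not a reconstruction of the actual flaw), the C below walks a beacon body's information elements with every length checked against the bytes that remain; the function name `parse_ssid` and the sample frames are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BEACON_FIXED_LEN 12 /* timestamp(8) + beacon interval(2) + capability(2) */
#define IE_SSID 0           /* element ID of the SSID information element */
#define SSID_MAX 32         /* maximum SSID length in IEEE 802.11 */

/* Copy the SSID from a beacon/probe-response body into out[SSID_MAX].
 * Returns the SSID length, or -1 if the body is malformed or has no SSID. */
int parse_ssid(const uint8_t *body, size_t len, uint8_t out[SSID_MAX])
{
    if (body == NULL || len < BEACON_FIXED_LEN)
        return -1;
    size_t off = BEACON_FIXED_LEN;     /* invariant: off <= len */
    while (len - off >= 2) {           /* room for the id + length header */
        uint8_t id = body[off];
        size_t ie_len = body[off + 1]; /* attacker-controlled length byte */
        off += 2;
        /* Compare against what remains; "off + ie_len > len" could wrap. */
        if (ie_len > len - off)
            return -1;
        if (id == IE_SSID) {
            if (ie_len > SSID_MAX)     /* would overrun the fixed buffer */
                return -1;
            memcpy(out, body + off, ie_len);
            return (int)ie_len;
        }
        off += ie_len;                 /* skip elements we do not handle */
    }
    return -1;
}

int main(void)
{
    /* Constructed bodies: 12 zeroed fixed bytes, then one SSID element. */
    uint8_t ok[18] = {0}, bad[18] = {0}, out[SSID_MAX];
    ok[13] = 4;
    memcpy(ok + 14, "home", 4);        /* declared length matches the data */
    bad[13] = 200;                     /* declared length exceeds the frame */
    printf("ok=%d bad=%d\n", parse_ssid(ok, sizeof ok, out),
           parse_ssid(bad, sizeof bad, out));
    return 0;
}
```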
