Security researchers have discovered a buffer overflow vulnerability in the wireless driver that ships with a widely used D-Link wireless USB adapter that could enable attackers to gain control over an affected PC.
The vulnerability is in the wireless driver that ships with D-Link's DWL-G132 wireless USB adapter and results from the driver's failure to check the size of user-supplied data before copying it to the memory buffer, Symantec said in a Deepsight Threat Management System bulletin.
The flaw is triggered when the driver tries to process an excessively large beacon frame, which enables WLAN access points to initiate and maintain communication with each other. A successful exploit would enable an attacker to execute malicious code on the targeted PC, but even a failed attempt likely would crash the kernel and create a denial-of-service situation, according to Symantec.
Since the flaw is exploited via beacon frames, all vulnerable cards within range of the attacker will be affected, said HD Moore, director of security research at BreakingPoint Systems and developer of the open-source Metasploit vulnerability testing tool. Moore discovered the vulnerability.
The D-Link vulnerability, like the Broadcom wireless driver flaw reported over the weekend, is part of the Month Of Kernel Bugs (MoKB) project, which highlights common kernel flaws daily during November.
Though the Broadcom wireless driver flaw affects a wider range of systems, the D-Link exploit is much easier to automate because an attacker could continuously send the exploit traffic and automatically compromise anything within range, according to Moore. In contrast, the Broadcom exploit would require a second component that looks for probe requests from vulnerable clients and responds accordingly, Moore said.
Version 1.0.1.41 of the A5AGU.SYS driver that ships with the DWL-G132 is affected by the vulnerability. So far, D-Link hasn't posted a fix for the DWL-G132 issue.
However, a newer version of the A5AGU.SYS driver that ships with another D-Link product, the WUA-2340 RangeBooster G USB adapter, appears to address the issue, according to a post on the MoKB blog.
Symantec Deepsight assigned the D-Link vulnerability an aggregate threat rating of 9.6 on a 10-point scale.
|
Five Companies That Dropped The Ball This Week For the week ending Feb. 10, CRN looks at five companies that were either asleep at the wheel or just didn't make good decisions. |
|
Five Companies That Came To Win This Week For the week ending Feb. 10, CRN looks at five companies that brought their 'A' game and made moves to beat out competitors |
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Grow Your MSP Business Easily and Affordably with Cisco OnPlus Network Assessment, Management and Advisory Services
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
