Researcher Unearths D-Link Wireless Driver Flaw

buffer vulnerability driver USB

The vulnerability is in the wireless driver that ships with D-Link's DWL-G132 wireless USB adapter and results from the driver's failure to check the size of user-supplied data before copying it to the memory buffer, Symantec said in a Deepsight Threat Management System bulletin.

The flaw is triggered when the driver tries to process an excessively large beacon frame, which enables WLAN access points to initiate and maintain communication with each other. A successful exploit would enable an attacker to execute malicious code on the targeted PC, but even a failed attempt likely would crash the kernel and create a denial-of-service situation, according to Symantec.

Since the flaw is exploited via beacon frames, all vulnerable cards within range of the attacker will be affected, said HD Moore, director of security research at BreakingPoint Systems and developer of the open-source Metasploit vulnerability testing tool. Moore discovered the vulnerability.

The D-Link vulnerability, like the Broadcom wireless driver flaw reported over the weekend, is part of the Month Of Kernel Bugs (MoKB) project, which highlights common kernel flaws daily during November.

id
unit-1659132512259
type
Sponsored post

Though the Broadcom wireless driver flaw affects a wider range of systems, the D-Link exploit is much easier to automate because an attacker could continuously send the exploit traffic and automatically compromise anything within range, according to Moore. In contrast, the Broadcom exploit would require a second component that looks for probe requests from vulnerable clients and responds accordingly, Moore said.

Version 1.0.1.41 of the A5AGU.SYS driver that ships with the DWL-G132 is affected by the vulnerability. So far, D-Link hasn't posted a fix for the DWL-G132 issue.

However, a newer version of the A5AGU.SYS driver that ships with another D-Link product, the WUA-2340 RangeBooster G USB adapter, appears to address the issue, according to a post on the MoKB blog.

Symantec Deepsight assigned the D-Link vulnerability an aggregate threat rating of 9.6 on a 10-point scale.