By Eric Griffith
April 16, 2007
Apple and Cisco both took the time to patch some problems with their Wi-Fi implementations last week. And the Linux community seems to have already fixed theirs.
Techworld.com reported last week that, despite there not being many Linux Wi-Fi drivers, the popular MADWiFi Linux kernel device driver for Atheros-based chips has a remotely executable exploit. It can be used even if the computer in question isn’t on a Wi-Fi network. It was discovered late last year using “fuzzing” techniques, similar to that used to find problems with Windows and Mac Wi-Fi in the past.
The researcher who found the problem, Laurent Butti of France Telecom Orange, told the MADWiFi development team about it before he showed it at the recent Black Hat conference, so a patch is already in place, at least for some Linux distributions. MADWiFi’s site states that there “is currently no known security issue that needs to be addressed.”
Cisco, meanwhile, issued an advisory about vulnerabilities in its Wireless Control System (WCS), which works with Cisco’s lightweight APs and controllers, as well as issues with the Wireless LAN Controller (WLC) that leave systems open to denial of service attacks and worse. The company has issued patches for all the systems that fix the problems.
Apple’s Wi-Fi fix — drowned out by the rumors of a Wi-Fi-equipped iPod on the horizon — was for the Airport Extreme Base Station with 802.11n. Version 7.1 of the firmware adds support for IPv6, prevents file names on a password-protected disk from being viewed by all comers, and more.