Linux also affected by hole in Ralink's Wi-fi driver
The flaw discovered in Ralink's Wi-fi drivers for Windows last weekend also affects the Linux drivers – as already suspected. Attackers can exploit the hole to crash a computer remotely or possibly even inject and execute arbitrary code. Debian has released new packages for the rt2400, rt2500 and rt2570 models, but the packages need to be compiled by the user for the time being.
The hole is caused by an integer overflow when receiving probe requests that a long SSID of between 128 and 256 bytes in length. The card or stick has to run in the less frequently used ad-hoc mode for the hole to appear. Other Linux distributions aside from Debian are also likely to be affected, especially those who use the manufacturer's drivers rather than drivers they developed for the Wi-fi card and stick as part of the distributions.
See also:
- rt2570 - integer overflow, report by Debian
- rt2500 - integer overflow, report by Debian
- rt2400 - integer overflow, report by Debian
- Vulnerability in Ralink Technology wireless driver, a heise UK report
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
