Vulnerability in Ralink Technology wireless driver
A vulnerability has been discovered in the driver of a Ralink wireless card that can be exploited to crash affected computers. Secunia adds that it has the potential to allow arbitrary code to be run in kernel mode. Attackers only have to insert a specially crafted wireless network name (SSID) in a probe request packet, and need not know the SSID or MAC address of targeted machines. Probe requests containing SSID parameters between 128 and 256 bytes in length will cause an integer overflow in a target system if the card is running in ad hoc mode, which is less commonly used.
The vulnerability has been found on Windows 2000 systems with the Ralink RT73 V3.08 wireless USB stick and the latest driver, but other Ralink devices and operating systems may also be affected. Ralink has not yet provided a bugfix; Secunia advises against using ad hoc mode.
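The following added example (not Ralink's driver code, whose root cause is not described here) shows the length validation a probe request parser needs: 802.11 limits an SSID to 32 bytes, so the oversized SSID parameters described above should be rejected before any copy. The function names and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID of the SSID parameter */
#define SSID_MAX_LEN 32  /* maximum SSID length permitted by 802.11 */

/* Hypothetical helper: walk the tagged parameters of a probe request body
 * and copy the SSID into out (SSID_MAX_LEN bytes). Returns the SSID length,
 * -1 for a malformed or oversized element, -2 if no SSID is present. */
int parse_probe_ssid(const uint8_t *body, size_t body_len, uint8_t *out)
{
    size_t off = 0;
    while (body_len - off >= 2) {
        uint8_t id  = body[off];
        uint8_t len = body[off + 1];  /* unsigned, so 128..255 never turns negative */
        off += 2;
        if (len > body_len - off)     /* element claims more bytes than the frame holds */
            return -1;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)   /* reject before any copy or length arithmetic */
                return -1;
            memcpy(out, body + off, len);
            return (int)len;
        }
        off += len;
    }
    return off == body_len ? -2 : -1; /* a stray trailing byte is malformed */
}

/* Constructed sample: SSID element of ssid_len bytes (0..255), followed by
 * a one-byte Supported Rates element (ID 1). */
int demo_ssid_len(unsigned ssid_len)
{
    uint8_t body[2 + 255 + 3], out[SSID_MAX_LEN];
    body[0] = IE_SSID;
    body[1] = (uint8_t)ssid_len;
    memset(body + 2, 'A', ssid_len);
    body[2 + ssid_len] = 1;
    body[3 + ssid_len] = 1;
    body[4 + ssid_len] = 0x02;
    return parse_probe_ssid(body, 5 + ssid_len, out);
}

int main(void)
{
    printf("len 32 -> %d, len 128 -> %d\n", demo_ssid_len(32), demo_ssid_len(128));
    return 0;
}
```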
See also:
- Ralinktech wireless cards drivers vulnerability, security advisory from Neohapsis
- Ralink Wireless Drivers Probe Request Processing Vulnerability, Secunia advisory
(djwm)