Wireless hack through driver errors for D-Link DWL-G132
The current flaw in the spotlight at the Month of Kernel Bugs is once again WLAN driver related. This time it's the Windows driver for D-Link's DWL-G132 (AirPlus Xtreme G) that puts attackers in a position to assume complete control of a system. H.D. Moore has released a Metasploit module to demonstrate the security hole.
The A5AGU.SYS driver for the DWL-G132 USB WLAN dongle bears the version number 126.96.36.199. The flaw is provoked by a WLAN beacon containing more than 36 bytes in the rate information element. Attackers can use the ensuing buffer overflow to smuggle arbitrary program code. The available Metasploit module allows attackers without extensive technical knowledge to build exploits that could penetrate vulnerable systems.
There is no updated drive from D-Link as yet. H.D. Moore is therefore recommending in his MoKB report that users use the driver for the D-Link WUA-2340 as a temporary workaround. To do so, users should install the latter driver, then reinstall the driver for the DWL-G132; once that is completed, the .sys and .bin files in the Windows\System32\Drivers folder can be replaced with those from the drivers subdirectory in the installation folder for the WUA 2340 drivers. Users of the NDIS wrapper allowing Windows WLAN drivers to work with operating systems like Linux should also check their driver version and install updated versions as necessary.
- D-Link DWL-G132 Wireless Driver Beacon Rates Overflow, security advisory from the MoKB
- Driver for D-Link WUA-2340 (does not contain bug)
- Driver for D-Link DWL-G132 (contains security bug)