| Let the Month of Kernel Bugs Begin |
 |
 |
 |
| Written by Editor |
| Wednesday, 01 November 2006 18:46 |
|
A couple of months ago we had the Month of Browser bugs, where every day for a month a new browser vulnerability was released. Well it is back and this time the heart of the operating system gets the treatment, the Kernel. Today saw the first of the MoKB releases, the bug is a remote memory corruption flaw that can lead to arbitrary code execution in the Apple Airport drivers provided for Orinoco base Apple Airport cards.The vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, which as a result allows memory operations to performed on attacker controlled pointers. Along with the release of the vulnerability details proof of concept code was released in the form of a Metasploit Framework 3.0 module. The Month of Kernel Bugs can be found here, with the credit for the first of the MoKB advisories going to security researcher H D Moore. Add this page to your favorite Social Bookmarking websites          |