ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] Intel Centrino Vulnerabilities



ðÏÓÍÏÔÒÉÍ, ÞÔÏ ÒÁÓÓËÁÖÕÔ ÎÁ Blackhat...


http://isc.sans.org/diary.php?storyid=1535

Intel Centrino Vulnerabilities (NEW)
Published: 2006-08-01,
Last Updated: 2006-08-01 21:51:10 UTC by Toby Kohlenberg (Version: 2(click to 
highlight changes))

Intel has released driver security updates for Centrino device drivers for 
Windows and for the PROSet management software.
http://support.intel.com/support/wireless/wlan/sb/CS-023068.htm

There are three issues identified:
Intel(r) Centrino Wireless Driver Malformed Frame Remote Code Execution
http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm
Intel(r) PROSet/Wireless Software Local Information Disclosure
http://support.intel.com/support/wireless/wlan/sb/CS-023066.htm
Intel(r) Centrino Wireless Driver Malformed Frame Privilege Escalation
http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm

The first and the third seem to be most severe. At this point we don't know of 
any public exploits for these vulnerabilities. The second one (PROSet info 
disclosure) has been around for a while and is known but local only.

The announcements contain details on which drivers are vulnerable as well as 
links to patches and a tool to determine which version you have-
http://support.intel.com/support/wireless/wlan/sb/cs-005905.htm

Below are the summaries of the affected platforms
Intel(r) Centrino Wireless Driver Malformed Frame Remote Code Execution
    * Intel(r) PRO/Wireless 2200BG Network Connection
    * Intel(r) PRO/Wireless 2915ABG Network Connection

Intel(r) PROSet/Wireless Software Local Information Disclosure
    * Intel(r) PRO/Wireless 2100 Network Connection
    * Intel(r) PRO/Wireless 2200BG Network Connection
    * Intel(r) PRO/Wireless 2915ABG Network Connection
    * Intel(r) PRO/Wireless 3945ABG Network Connection

Intel(r) Centrino Wireless Driver Malformed Frame Privilege Escalation
    * Intel(r) PRO/Wireless 2100 Network Connection

The details of which drivers are listed on the pages and we recommend you look 
there.

As far as we know, these will not be delivered via the Microsoft Update tool. 
You will need to download and install them manually unless your system vendor 
(the folk who make your laptop) provides an automated tool for you. Before you 
download and install these, we strongly suggest you talk to your system vendors 
and see if they are coming out with custom versions of the patches.

On a related note- there will be a talk on exploiting device drivers on 
Wednesday 8/2/06 at Blackhat Vegas. Anyone who can make it should go.




 




Copyright © Lexa Software, 1996-2009.