Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Apple flaw kicks off second month of bugs
Published: 2006-11-01

Security researchers published on Wednesday the details of a flaw in Apple's Airport wireless driver, kicking off a plan to release a software bug in the core system code, or kernel, of major operating systems every day throughout the month of November.

The Month of Kernel Bugs is the brainchild of a security researcher and contributor to the Metasploit Project who uses the moniker "L.M.H." The initiative resembles another kicked off by Metasploit's founder, HD Moore, that publicized a browser flaw every day last July.

The researcher also asked other flaw finders last week to contribute any interesting vulnerabilities to the Month of Kernel Bugs. The flaw in Apple's Airport driver posted this week was found by HD Moore, according to an advisory about the flaw.

L.M.H. used the event to chastise critics of two researchers, David Maynor and Jon Ellch, who were castigated by many Apple users for claiming during a Black Hat presentation that they had found flaws in wireless drivers, including Apple's wireless drivers.

"With all the hype and buzz about the now infamous Apple wireless device driver bugs--brought to attention at Black Hat by Johnny Cache and David Maynor, covered up and FUD'ed by others--hopefully this will bring some light--better said, proof--about the existence of such flaws in the Airport device drivers," L.M.H. stated on the Month of Kernel Bug's site.

Many of the flaws found by L.M.H. come from using a data mangling, or fuzzing, tool known as fsfuzzer. Characterized as a rudimentary fuzzer by one researcher, the software creates a file system filled with random data. Subjecting an operating system's kernel to various permutations of the data in many cases causes crashes, which may be able to be exploited.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus