Apple Airport 802.11 Exploit Published and the Value of HD Moore
Apple Airport 802.11 Probe Response Kernel Memory Corruption
“The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution. This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values.”
This is going to be an interesting “Month of Kernel Bugs”.
Some folks attack HD Moore over releasing exploit code. They attack SecuriTeam and milw0rm over publishing exploit code.
Honestly? For all the harm HD supposedly causes according to others, he simply shows the world what’s going on all the time, and he helps more, by far. By making exploit code public sooner rather than later (it always comes out), he helps (yes, he does) some kiddies write worms and bots, which in turn infect people.
At the same time, he actively protects the rest of us against the numerous other HDs out there who are not white hat, and who attack us with more than just a mass/popular technique.
He lets us know we are at risk (the vulnerability is there whether it is public or not) and allows us to plan defenses and patch our systems.
The popularized techniques which swarm the Internet will always exploit people, and the same ones at that.
In short, it may be easy for analysts to attack HD Moore or SecuriTeam for releasing exploit code, but in fact, what he does is protect us all, and he should be appreciated. 0days exist, are being exploited in the wild, and as things stand we have close to no protection against them (that counts) until we are aware of them.
Thank you, HD.