These days, most of us can use our Wi-Fi cards on Linux using native drivers. Some of us, though, are still stuck with using Windows drivers on Linux. This kludge is usually done by using the Windows driver with NDISwrapper. Unfortunately, it’s recently been discovered that there’s a crack in the kludge.
Specifically, Anders Kaseorg, a Linux developer, discovered that NDISwrapper did not correctly handle long ESSIDs (Extended Service Set ID), the optional ID name that’s sent from some Wi-Fi access points. According to Kaseorg, “If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service.”
Actually, it’s bigger than just a problem that could crash a system. Secunia, a security company, stated that “Successful exploitation may allow execution of arbitrary code.” In other words, you could use the bug to crack PCs and take control of them.
Fortunately, the bug, which was discovered in early October, already has a fix. Ubuntu has already issued a patch, and the other major Linux distributors are in the process of rolling out fixes for the problem.