Remote Malware Injection Via Flaw In Network Card 49
kfz-versicherung writes "During the CanSecWest international conference in Vancouver, members of ANSSI described how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (full presentation; PDF). The attack uses routable packets delivered to the victim's NIC. Consequently, multiple attacks can be conducted including man-in-the-middle attacks on network connections, access to cryptographic keys on the host platform, or malware injection on the victim's computer host platform."
Re:For a little piece of mind (Score:4, Interesting)
Okay but will the UDP packets which cause the problem be well formed enough to be routed into your network from outside? In most cases if you have access to the local network all systems are vulnerable anyway.
Limited to Broadcom only? (Score:3, Interesting)
It seems that the presentation focuses heavily on the NetXtreme framework, which is specific to Broadcom. Doesn't Intel, the other major NIC vendor/manufacturer, use their own proprietary security and administrative protocols on their devices?
I wonder how secure Realtek's stuff is; their drivers/software leave me to think that their hardware code is ripe for discovery...
Mo bugs mo problems (Score:2, Interesting)
This may be more general than a specific card (Score:3, Interesting)
I recently heard that the simulated network card in virtualization systems can be a point of attack. So, this may be a more general issue than a specific card.
Re:+++ATH0 (Score:3, Interesting)
The only REAL fix is to disable the sequence in the modem.
Or to buy a modem from a manufacturer that implemented it properly. The escape sequence is not just "+++" - there has to be an interval before and after those characters in which no other bytes are sent to the modem. This can only happen if you're typing directly from a terminal, since there are always extra headers present if you're sending TCP/IP traffic.
If your modem was vulnerable to this then the manufacturer was either incompetent or intentionally screwing it up to avoid paying patent royalties.