After being informed by a security researcher that their Spectrum 24 Wireless chipset drivers store the WEP Key, Passwords, etc in a shared memory section without the required security descriptor--allowing any other application to access it--intel take 2 months to release a 130MB "patch"-file. The so-called patch-file (it is actually a full 32-bit + 64-bit driver + software CD-package) is flawed, leaking memory, consuming file handles and slowing the system down. Good work, intel.
The solution--for now--is to download the driver-only package (just 5MB, not 2100) and abandon the intel PROSet services software, using the inbuilt Windows Wireless Zero Config instead - it is the intel config software that has the problem, not the driver.
!!! Important !!!
Do not allow the memory leak to obscure the security message. The security flaw affects all earlier releases before the current one, and can allow full access to everything on the machine. You need to update your Centrino Wireless drivers NOW!
These are the drivers + PROSet/Wireless software unaffected by the security issue; *all* earlier versions are affected, and have been removed from the Modem-Help site:
PRO/Wireless 2100 Network Connection:
Driver : v1.2.4.37
PROSet: v7.1.4.6
Intel® PRO/Wireless 2200BG Network Connection:
Intel® PRO/Wireless 2915ABG Network Connection:
Intel® PRO/Wireless 3945ABG Network Connection:
Driver : v9.0.4.16
PROSet: v10.5
The updated driver-set will be on the Modem-Help Downloads site shortly (it is being uploaded as this is posted).
!!! Important !!!
More Info:
Timeline:
02-May-2006: Rubén Santamarta informs intel of the security hole in S24EvMon.exe.
Quote:
Testing a vuln-finder application ... found a flaw within S24EvMon.exe ... service uses a shared memory section which is created without the proper security descriptor, allowing unprivileged users to perform operations like Delete, Read or Write ... is named "S24EventManagerSharedMemory" ... this shared memory is used to store, in plain text, confidential information like WEP Key, Passwords...
Security vulnerabilities ... in the Windows drivers for the 2200BG and 2915ABG (w22n50.sys, w22n51.sys, w29n50.sys, w29n51.sys), ... These flaws are due to a memory corruption while parsing certain frames.
A security vulnerability ... PROSet/Wireless Software 7.x, 8.x, 9.x, and 10.x ... This flaw is due to insecure usage of the shared memory.
2100 Network Connection Security Vulnerability ... PROSet/Wireless 7 ... This flaw is due to a memory corruption while handling requests for capabilities from higher-level protocol drivers or user-level applications.
An hour or two later: An axe hits the laptop as the user discovers that they have lost all their WEP/WPA keys (need exporting before updating the drivers/software) and that now all the laptop-specific software does not work with the new intel apps (get the update from the laptop manufacturer, not intel).
11-Aug-2006: intel split the driver up into separate 32-bit and 64-bit Windows versions, at a mere 50+MB each.
21-Aug-2006: Everybody starts to notice that the PROSet software is leaking memory. By this time, Dell has 90MB updated drivers out to fix the original problem, with exactly the same memory-leak issue.
intel has acknowledged the buggy v10.5.0.0 software, and released a fix yesterday (Saturday 27 Aug 06), contained within the v10.5.0.1 driver packages. These are available as both full PROSet + driver package, and also as driver-only packages.
The old buggy drivers + software have been removed from the Modem-Help directories and replaced with the newer packages.
3965abg PCI Express X1 Wireless-LAN adapter:
Although not announced anywhere on the intel site, the v10.5.0.0 package contained v10.5.1.57 drivers with the first references to 3965abg adapters. They and their 3945abg + 3945bg sisters were my first introduction to the PCI Express bus - yet another proprietary extension intentioned to leverage the Centrino motherboards, and drive the laptop market for intel. Having said that, let's give credit where credit is due, and point out that intel are providing AMD64-drivers alongside the standard 32-bit Windows-2000 and Windows-XP drivers.
I have been spending my time getting my head up inside this new architecture. The chipsets are already up on the site, and modems within the new drivers will be appearing on this site across the next few hours. _________________ Alex Kemp
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
