Roger:

Thanks for posting a reminder urging notebook users with wireless cards to make sure they have the latest drivers.

Downloanding and implementing updated drivers is not the most intuitive experience and we are working at Dell to make it easier than ever in the near future for Dell customers to find the latest drivers and chose which ones they want / need to download.

After reading your post this morning, I went to see if the new Dell/Broadcom driver was posted, and found it. According to the website we released it on Nov 15.

For others looking for this driver, follow these instructions:

- go to dell.com/support
- click on drivers and downloads (upper left quadrant of screen)
- New screen: type in either a: a system service tag (white label found on the bottom of the system) or b: from the drop down windows chose the system line (Latitude, Inspiron, Precision) and model number (e.g. D610).
- New screen: Choose your operating system (e.g. Windows XP), language (e.g. English), click on find downloads
- New screen: click on Network
- From the expanded list choose your wireless card/component. (e.g. Dell Wireless 1350, 1370, etc. -- all Dell Wireless products are based on Broadcom technologies.)
-For users with "Centrino" systems, download the latest Intel PRO/Wireless driver. Intel updated its driver with some significant security updates in the last couple of months as well.

Regards,

anne@dell

Here is the link

http://support.dell.com/support/downloads/download.aspx?c=us&l=en&s=gen&releaseid=R140747&SystemID=LATITUDE%20D620&os=WW1&osl=en&deviceid=9805&devlib=0&typecnt=1&vercnt=8&formatcnt=1&libid=5&fileid=187881

Hi Roger,

I saw your article regarding the vulnerabilities for wireless-N and the
trouble you had with getting the Linksys firmware? We have had the
firmware posted for quite a while... it is here available for all customers to download:

http://www.Linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=U
S%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Lin
ksys%2FCommon%2FVisitorWrapper


I'm not sure who you talked to in tech support -- but it is downloadable off our Download section of our website.

If you have any other questions about this -- please let me know

Karen at Linksys

Intel wireless drivers vulnerable, patch available. Here's the original EEye advisory:

eEye Research - http://research.eeye.com

Intel Network Adapter Driver Local Privilege Escalation

Release Date:
December 7, 2006

Date Reported:
July 10, 2006

Severity:
Medium (Local Privilege Escalation to Kernel)

Systems Affected:
Windows 2000, XP, 2003, Vista
Intel PRO 10/100 - 8.0.27.0 or previous
Intel PRO/1000 - 8.7.1.0 or previous
Intel PRO/1000 PCI - 9.1.30.0 or previous Linux
Intel PRO 10/100 - 3.5.14 or previous
Intel PRO/1000 - 7.2.7 or previous
Intel PRO/10GbE - 1.0.109 or previous
UnixWare/SCO6
Intel PRO 10/100 - 4.0.3 or previous
Intel PRO/1000 - 9.0.15 or previous

Overview:
eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access. For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.

The vulnerability is a simple strcpy-based stack buffer overflow within the Intel miniport driver, and can be reliably exploited on all versions of Windows in order to execute arbitrary code.

Technical Details:
Despite the low level occupied by NDIS miniport drivers, it is possible for unprivileged user-mode code to communicate with them via NDIS-brokered requests for network adapter statistics. An IOCTL_NDIS_QUERY_SELECTED_STATS (0x17000E) request made to "\Device\{adapterguid}" will cause NDIS.SYS to invoke the QueryInformationHandler routine registered by the miniport driver in its call to NdisMRegisterMiniport. The input buffer supplied with this IOCTL is a list of 32-bit OIDs corresponding to the statistics of interest, each of which is passed individually to QueryInformationHandler, which contains the code necessary to retrieve the statistic and return it in the provided output buffer.

In the case of Intel miniport drivers, certain OID handlers will process the contents of the output buffer. On Windows 2000, a pointer to the user-supplied buffer is passed directly to the miniport driver, meaning this data is under user control. (Windows XP and later passes in a pointer to a temporary buffer in kernel memory containing undefined data, which can be controlled by "seeding" pool memory from user-mode prior to attempting exploitation.)

The handler for OID 0xFF0203FC attempts to copy a string from the output buffer into a stack variable using essentially the following strcpy
operation:

strcpy(&(var_1D4.sz_62), (char*)InformationBuffer + 4)

Therefore, supplying a 0x17A-character string (at offset +0x0C within the output buffer, because NDIS uses the first 8 bytes for its own
purposes) will cause the handler function's return address to be entirely overwritten, allowing execution to be redirected to an arbitrary user- or kernel-mode address.

Despite vendor sentiment to the contrary, it should be understood that driver flaws really are and have always been a major threat. Local exploitation of this vulnerability will result in arbitrary code execution, providing a level of access that amounts to "the keys to the kingdom."

Protection:
Retina - Network Security Scanner has been updated to identify this vulnerability.

Vendor Status:
Intel has released a patch for this vulnerability which is available at http://support.intel.com/support/network/sb/CS-023726.htm.

Credit:
Derek Soeder

Related Links:
Retina - Network Security Scanner - Free Trial:
http://www.eeye.com/html/products/retina/download/index.html
Blink - Unified Client Security Personal - Free For Home Use:
http://www.eeye.com/html/products/blink/personal/download/index.html
Blink - Unified Client Security Professional - Free Trial:
http://www.eeye.com/html/products/blink/download/index.html

Greetings:
F1: the very best of luck to you. To Gliko and to Mr. and Mrs. Mike:
congrats! cDc for holding the best Vegas party. TA, WC, MF, DKP, DM, BN, MP, CSam, HTP, RS, SY, and the G in GUI.

Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.

Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition.
There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.