Discovering and exploiting 802.11 wireless driver vulnerabilities
Abstract
802.11 wireless local area networks are notorious for their many critical security flaws. Last year, the first 802.11 wireless driver vulnerabilities were publicly disclosed, making them a critical and recent threat. In this paper, we present our research results on 802.11 driver vulnerabilities, focusing on the design and implementation of a fully featured 802.11 fuzzer that enabled us to find several critical implementation bugs that are potentially exploitable by attackers. Lastly, we detail the successful exploitation of the first 802.11 remote kernel stack overflow under Linux (madwifi driver).