Brent Miller wrote: > Hello everyone, > > While playing around with the nessus network scanning > program today I noticed that when I scan my wireless > laptop (using the linux-wlan-ng drivers), nessus > informs me that my ethernet driver is susceptible to a > 'Etherleak' attack. This struck me as being weird as I > remember seeing a security advisory just a little > while ago saying to upgrade the kernel as this had > been discovered and fixed. So just out of curiosity, I > took out my wireless card and put in an old ethernet > card and the warning went away. > > Since I'm not too sure how to carry out the attack, > and I don't know if the vulnerability really exists or > is just a false positive within nessus, can anybody > else confirm this? > > Both the machine running nessus (2.0.7-2) and the > laptop are running unstable and the laptop has: > linux-wlan-ng 0.2.0-12 w/ modules compiled against > kernel-source-2.4.21 2.4.21-5, > kernel-image 2.4.21-5-586tsc, > wireless card is a netgear MA401, > ethernet card is a linksys PCM100, > > Please include me in the cc as I'm not on the list. Thanks for letting us know about this. I have not yet been able to try to verify the problem, but I did look at the source of nesses, and it uses an active probe, and not fingerprinting, and I doubt it would be a false positive. I have also passed your message on to the author of the linux-wlan-ng drivers, and I am Ccing this message to Debian's security team. Here's some more information about the etherleak family of vulnerabilities: http://www.atstake.com/research/advisories/2003/a010603-1.txt -- see shy jo
Attachment:
pgpUqQBZvLx2t.pgp
Description: PGP signature