Slashdot Mirror


Device Drivers Filled with Flaws, Pose Risk

Gary W. Longsine writes "Security Focus describes device drivers as an untapped source of buffer overflows, posing substantial risk not typically considered as part of a standard risk assessment. The security risks of device drivers on both Windows and Linux, including network (remotely exploitable) and hardware drivers (typically only locally exploitable) are discussed in the article. I've noticed that software you wouldn't expect sometimes installs a device driver component. I can understand this as a component of an antivirus or host based firewall, but it seems to be an oddly common design pattern on Windows, which clearly poses substantial risk."

2 of 189 comments (clear)

  1. One hardware driver one from way back. by Anonymous Coward · · Score: 5, Interesting

    Sending a modem user a ping with +++ATH0 embedded. As soon as it was returned, those modems with defective modem drivers that didn't filter anything would hang up. Quick simple DoS.

    Surprisingly it still works on some systems more than 18 years after I first tried it.

  2. Multimedia Keyboards by Lucractius · · Score: 5, Interesting

    seems these are almost everywhere these days. and with all the odd keys a lot of them Do need their own custom drivers for the extra keys and knobs and dials etc.

    whatever happend to the good old days when an IBM model M was all you needed :)

    --
    XML - A clever joke would be here if /. didn't mangle tag brackets.