According to Dark Reading, there is a remotely exploitable bug in the madwifi drivers for Linux, discovered by a France Telecom researcher:
A researcher from France Telecom has discovered the first remotely exploitable 802.11 WiFi bug on a Linux machine. The kernel stack-overflow bug, which is in the open-source MadWiFi Linux kernel device driver, lets an attacker run their malicious code remotely on an infected machine — and the infected machine doesn’t even have to be on a WiFi network to get “owned.”
Laurent Butti, senior security expert for France Telecom’s Orange R&D, says all it takes is the client machine’s NIC to be activated and perform its automated scanning feature for WiFi access points in range, and the vulnerability is triggered. The attacker initially must be in wireless range of the victim for the code to execute the exploit, he says.
