[Tfug] Broadcom Wireless Driver Probe Response SSID Overflow
Angus Scott-Fleming
angussf at geoapps.com
Sat Nov 11 20:48:16 MST 2006
Might affect some Linux users, too:
------- Included Stuff Follows -------
Month of Kernel Bugs (MoKB): Broadcom Wireless Driver Probe Response SSID
Overflow
http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
Broadcom Wireless Driver Probe Response SSID Overflow
Description: The Broadcom BCMWL5.SYS wireless device driver is
vulnerable to a stack-based buffer overflow that can lead to arbitrary
kernel-mode code execution. This particular vulnerability is caused by
improper handling of 802.11 probe responses containing a long SSID field.
The BCMWL5.SYS driver is bundled with new PCs from HP, Dell, Gateway,
eMachines, and other computer manufacturers. Broadcom has released a fixed
driver to their partners, which are in turn providing updates for the
affected products. Linksys, Zonet, and other wireless card manufactures
also provide devices that ship with this driver.
[snip]
All tests were performed with version 3.50.21.10 of the BCMWL5.SYS driver.
Although this driver is for the Windows operating system, Linux and
FreeBSD users of the ndiswrapper tool should determine if they are using
BCMWL5.SYS and upgrade accordingly.
--------- Included Stuff Ends ---------
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+-----------------------------------+
More information about the tfug
mailing list