My next class:

Broadcom Wireless Vulnerability

Published: 2006-11-12. Last Updated: 2006-11-12 01:09:18 UTC
by Johannes Ullrich (Version: 2)
0 comment(s)
The "Month of Kernel Bug" project released an advisory with details about a bug in Broadcoms Windows driver for its Wireless card. The high/low points:

  • Only effects the wireless driver, not the broadcom wired cards.
  • The resepective file is BCMWL5.SYS Version 3.50.21.10 (this is the version pointed out as vulnerable. Others may be vulnerable as well).
  • Only Linksys published an official update at this time.
  • Other vendors have later versions of this file available as patches. It is not clear if they patch the problem or not.
  • The problem is triggered by an overly long SSID
  • the MOKB project published a metasploit module to ease exploitation of this problem.
So much for now. Expect updates as we learn more.

Go ahead and patch your driver with whatever version they offer. If you get a chance, test the exploit and see if it works against some of the later versions. Of course, take care when doing so. The "known to be fixed" version from Linksys is 4.100.15.5.

Whenever you don't use your wireless network, turn off the wireless card. In particular if you are in a public space (airport, hotel).

Update: also see the ZERT advisory (no patch though. but the advisory explains why)

Keywords:
0 comment(s)
My next class:

Comments


Diary Archives