Broadcom Wireless Vulnerability
The "Month of Kernel Bug" project released an advisory with details about a bug in Broadcoms Windows driver for its Wireless card. The high/low points:
Go ahead and patch your driver with whatever version they offer. If you get a chance, test the exploit and see if it works against some of the later versions. Of course, take care when doing so. The "known to be fixed" version from Linksys is 4.100.15.5.
Whenever you don't use your wireless network, turn off the wireless card. In particular if you are in a public space (airport, hotel).
Update: also see the ZERT advisory (no patch though. but the advisory explains why)
- Only effects the wireless driver, not the broadcom wired cards.
- The resepective file is BCMWL5.SYS Version 3.50.21.10 (this is the version pointed out as vulnerable. Others may be vulnerable as well).
- Only Linksys published an official update at this time.
- Other vendors have later versions of this file available as patches. It is not clear if they patch the problem or not.
- The problem is triggered by an overly long SSID
- the MOKB project published a metasploit module to ease exploitation of this problem.
Go ahead and patch your driver with whatever version they offer. If you get a chance, test the exploit and see if it works against some of the later versions. Of course, take care when doing so. The "known to be fixed" version from Linksys is 4.100.15.5.
Whenever you don't use your wireless network, turn off the wireless card. In particular if you are in a public space (airport, hotel).
Update: also see the ZERT advisory (no patch though. but the advisory explains why)
Keywords:
0 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
Diary Archives
Comments