Broadcom Wireless Vulnerability
Last Updated: 2006-11-12 01:09:18 UTC by Johannes Ullrich (Version:
2(click to highlight changes))
The "Month of Kernel Bug" project released an advisory with details
about a bug in Broadcoms Windows driver for its Wireless card. The
* Only effects the wireless driver, not the broadcom wired cards.
* The resepective file is BCMWL5.SYS Version 220.127.116.11 (this is the
version pointed out as vulnerable. Others may be vulnerable as well).
* Only Linksys published an official update at this time.
* Other vendors have later versions of this file available as
patches. It is not clear if they patch the problem or not.
* The problem is triggered by an overly long SSID
* the MOKB project published a metasploit module to ease
exploitation of this problem.
So much for now. Expect updates as we learn more.
Go ahead and patch your driver with whatever version they offer. If you
get a chance, test the exploit and see if it works against some of the
later versions. Of course, take care when doing so. The "known to be
fixed" version from Linksys is 18.104.22.168.
Whenever you don't use your wireless network, turn off the wireless
card. In particular if you are in a public space (airport, hotel).
Update: also see the ZERT advisory (no patch though. but the advisory