Vulnerability Note VU#209376
Broadcom wireless driver fails to properly process 802.11 probe response frames
A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.
The BCMWL5.SYS driver is a wireless (802.11) device driver produced by Broadcom. See the systems affected section of this document for a list of vendors that ship this driver. In addition to laptop and desktop systems, this driver may also be used in access points, media centers, and other network appliances.
A buffer overflow vulnerability exists in the BCMWL5.SYS driver. An attacker may be able to trigger the overflow by sending a malformed SSID probe response frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability.
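As an added illustration (not code from this note, from Broadcom, or from the public report), the C function below shows the bounds checks a receiver needs before copying an SSID out of a probe response. It assumes the malformation is an SSID element longer than the 32-octet maximum defined by 802.11, which this note does not state; all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MGMT_HDR_LEN 24  /* 802.11 management MAC header */
#define FIXED_LEN    12  /* timestamp(8) + beacon interval(2) + capability(2) */
#define IE_SSID      0   /* element ID of the SSID element */
#define SSID_MAX     32  /* maximum SSID length allowed by 802.11 */

enum ssid_status { SSID_OK = 0, SSID_ABSENT = -1, SSID_TRUNCATED = -2,
                   SSID_TOO_LONG = -3, SSID_NOT_PROBE_RESP = -4 };

/* Copy the SSID of a probe response into out[SSID_MAX] without ever writing
 * more than SSID_MAX bytes. Sets *out_len only when SSID_OK is returned. */
int probe_resp_ssid(const uint8_t *frame, size_t len,
                    uint8_t out[SSID_MAX], size_t *out_len)
{
    /* Frame Control octet 0: type 0 (management), subtype 5 (probe response). */
    if (len < MGMT_HDR_LEN + FIXED_LEN || (frame[0] & 0xFC) != 0x50)
        return SSID_NOT_PROBE_RESP;
    size_t off = MGMT_HDR_LEN + FIXED_LEN;
    while (len - off >= 2) {               /* room for ID and length octets */
        uint8_t id = frame[off], ie_len = frame[off + 1];
        off += 2;
        if (ie_len > len - off)            /* element runs past end of frame */
            return SSID_TRUNCATED;
        if (id == IE_SSID) {
            if (ie_len > SSID_MAX)         /* reject before any copy happens */
                return SSID_TOO_LONG;
            memcpy(out, frame + off, ie_len);
            *out_len = ie_len;
            return SSID_OK;
        }
        off += ie_len;                     /* skip elements we do not need */
    }
    return SSID_ABSENT;
}

int main(void)
{
    /* Constructed sample: zeroed header and fixed fields, SSID element claiming 40 octets. */
    uint8_t frame[MGMT_HDR_LEN + FIXED_LEN + 2 + 40] = { 0x50 };
    uint8_t ssid[SSID_MAX]; size_t n = 0;
    frame[MGMT_HDR_LEN + FIXED_LEN + 1] = 40;
    printf("status = %d\n", probe_resp_ssid(frame, sizeof frame, ssid, &n));
    return 0;
}
```

The same length test can be applied by a wireless monitoring sensor to flag probe responses whose SSID element exceeds 32 octets.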
A remote, unauthenticated attacker may be able to execute arbitrary code, or cause a denial-of-service condition on a vulnerable system.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Broadcom|Affected|-|17 Jan 2007|
|Dell Computer Corporation, Inc.|Affected|12 Nov 2006|17 Nov 2006|
|Linksys (A division of Cisco Systems)|Affected|12 Nov 2006|14 Nov 2006|
|Cisco Systems, Inc.|Not Affected|12 Nov 2006|15 Nov 2006|
|3com, Inc.|Unknown|13 Nov 2006|13 Nov 2006|
|Apple Computer, Inc.|Unknown|12 Nov 2006|12 Nov 2006|
|D-Link Systems, Inc.|Unknown|13 Nov 2006|13 Nov 2006|
|eMachines, Inc.|Unknown|20 Nov 2006|20 Nov 2006|
|Hewlett-Packard Company|Unknown|12 Nov 2006|12 Nov 2006|
|IBM Corporation|Unknown|13 Nov 2006|13 Nov 2006|
|Sony Corporation|Unknown|13 Nov 2006|13 Nov 2006|
|Toshiba|Unknown|12 Nov 2006|12 Nov 2006|
|ZyXEL|Unknown|13 Nov 2006|13 Nov 2006|
This issue was publicly reported by Johnny Cache on The Month of Kernel Bugs Website.
This document was written by Ryan Giobbi.
- CVE IDs: Unknown
- Date Public: 11 Nov 2006
- Date First Published: 14 Nov 2006
- Date Last Updated: 17 Jan 2007
- Severity Metric: 1.63
- Document Revision: 46