|
|
|
Vulnerability Note VU#209376Broadcom wireless driver fails to properly process 802.11 probe response framesOverviewA buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.I. DescriptionThe BCMWL5.SYS driver is a wireless (802.11) device driver produced by Broadcom. See the systems affected section of this document for a list of vendors that ship this driver. In addition to laptop and desktop systems, this driver may also be used in access points, media centers, and other network appliances.A buffer overflow vulnerability exists in the BCMWL5.SYS driver. An attacker may be able to trigger the overflow by sending a malformed SSID probe response frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability. Some manufacturers and OEMs have released an upgraded driver to address this issue. See the Systems Affected section of this document for more information.
References
This issue was publicly reported by Johnny Cache on The Month of Kernel Bugs Website. This document was written by Ryan Giobbi.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||