SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#209376

Broadcom wireless driver fails to properly process 802.11 probe response frames

Overview

A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.

I. Description

The BCMWL5.SYS driver is a wireless (802.11) device driver produced by Broadcom. See the systems affected section of this document for a list of vendors that ship this driver. In addition to laptop and desktop systems, this driver may also be used in access points, media centers, and other network appliances.

A buffer overflow vulnerability exists in the BCMWL5.SYS driver. An attacker may be able to trigger the overflow by sending a malformed SSID probe response frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability.

Note that Linux or Unix systems that use NDISWrapper or similar technologies to load the BCMWL5.SYS driver may also be vulnerable.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code, or cause a denial-of-service condition on a vulnerable system.

III. Solution

Upgrade

Some manufacturers and OEMs have released an upgraded driver to address this issue. See the Systems Affected section of this document for more information.

Disable wireless adapters

Disabling wireless adapters may reduce the chances of this vulnerability being exploited.

Use wired networking methods until updates can be applied

Using wired networks, such as Ethernet adapters or other extended LAN technologies, until vulnerable wireless drivers can be updated will prevent this vulnerability from being exploited.

Systems Affected

VendorStatusDate Updated
3com, Inc.Unknown13-Nov-2006
Apple Computer, Inc.Unknown12-Nov-2006
BroadcomVulnerable17-Jan-2007
Cisco Systems, Inc.Not Vulnerable15-Nov-2006
D-Link Systems, Inc.Unknown13-Nov-2006
Dell Computer Corporation, Inc.Vulnerable17-Nov-2006
eMachines, Inc.Unknown20-Nov-2006
Hewlett-Packard CompanyUnknown12-Nov-2006
IBM CorporationUnknown13-Nov-2006
Linksys (A division of Cisco Systems)Vulnerable14-Nov-2006
Sony CorporationUnknown13-Nov-2006
ToshibaUnknown12-Nov-2006
ZyXELUnknown13-Nov-2006

References


http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
http://secunia.com/advisories/22831/

Credit

This issue was publicly reported by Johnny Cache on The Month of Kernel Bugs Website.

This document was written by Ryan Giobbi.

Other Information

Date Public11/11/2006
Date First Published11/14/2006 12:25:11 PM
Date Last Updated01/17/2007
CERT Advisory 
CVE Name 
US-CERT Technical Alerts 
Metric1.63
Document Revision46

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader