Vulnerability in Broadcom Wireless drivers

By | November 13, 2006

Broadcom Wireless-N network cards suffer from a buffer overflow vulnerability that allows remote code execution. The vulnerability exists in the Broadcom BCMWL5.SYS wireless device driver. This particular vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field.

Due to the nature of wireless networking, all that is required of the attacker is to be within range of the vulnerable machine. Because this vulnerability occurs at an extremely low level within the networking protocol, there may be difficulties in detecting these attacks using standard IDS/IPS methods.
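The length check that a driver or wireless monitor needs before copying an SSID out of a probe response, as an added example (not Broadcom's code and not part of the original post). It assumes the caller passes the frame body with the 24-byte MAC header already removed; all function and constant names are hypothetical, and the sample builder produces constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIXED_FIELDS_LEN 12 /* timestamp(8) + beacon interval(2) + capability(2) */
#define IE_SSID 0           /* element ID of the SSID element */
#define SSID_MAX_LEN 32     /* longest SSID that 802.11 permits */

enum ssid_status { SSID_OK, SSID_MISSING, SSID_TOO_LONG, FRAME_MALFORMED };

/* Walk the information elements of a probe response body and copy the SSID
 * into out only after its declared length has been validated. */
enum ssid_status parse_probe_ssid(const uint8_t *body, size_t len,
                                  uint8_t out[SSID_MAX_LEN], size_t *out_len)
{
    size_t pos = FIXED_FIELDS_LEN;
    if (len < FIXED_FIELDS_LEN)
        return FRAME_MALFORMED;
    while (pos < len) {
        if (len - pos < 2)
            return FRAME_MALFORMED;      /* truncated element header */
        uint8_t id = body[pos], elen = body[pos + 1];
        pos += 2;
        if (elen > len - pos)
            return FRAME_MALFORMED;      /* element runs past the frame */
        if (id == IE_SSID) {
            if (elen > SSID_MAX_LEN)
                return SSID_TOO_LONG;    /* reject and report, never copy */
            memcpy(out, body + pos, elen);
            *out_len = elen;
            return SSID_OK;
        }
        pos += elen;
    }
    return SSID_MISSING;
}

/* Constructed sample body: zeroed fixed fields plus one SSID element that
 * declares ssid_len bytes. buf must hold at least 14 + ssid_len bytes. */
size_t build_sample_body(uint8_t *buf, uint8_t ssid_len)
{
    memset(buf, 0, FIXED_FIELDS_LEN);
    buf[FIXED_FIELDS_LEN] = IE_SSID;
    buf[FIXED_FIELDS_LEN + 1] = ssid_len;
    memset(buf + FIXED_FIELDS_LEN + 2, 'A', ssid_len);
    return FIXED_FIELDS_LEN + 2 + (size_t)ssid_len;
}
```

A monitor can log every `SSID_TOO_LONG` or `FRAME_MALFORMED` result together with the transmitter address, since neither occurs in standards-conforming traffic.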

The BCMWL5.SYS driver is bundled with new PCs from HP, Dell, Gateway, eMachines, and other computer manufacturers. Linksys, Zonet, and other wireless card manufacturers also provide devices that ship with this driver. Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products. Download the fixed driver here. Exploit is available here.
