SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Device (Embedded Server/Appliance)  >  Wireless 802.11 (Generic) Vendors:  Broadcom
Broadcom Wireless Device Driver SSID Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017212
SecurityTracker URL:  http://securitytracker.com/id?1017212
CVE Reference:  CVE-2006-5882   (Links to External Site)
Updated:  May 30 2008
Original Entry Date:  Nov 13 2006
Impact:  Execution of arbitrary code via network, Root access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): BCMWL5.SYS version 3.50.21.10; possibly other versions
Description:  A vulnerability was reported in the Broadcom BCMWL5.SYS wireless device driver. A remote user can execute arbitrary code on the target system.

A remote user on the wireless network can send 802.11 probe responses containing a specially crafted SSID field value to trigger a stack overflow in the 'BCMWL5.SYS' driver and execute arbitrary code on the target system. The code will run with kernel level privileges on the target service.

Several PC vendors are reportedly affected, including HP, Dell, Gateway, and eMachines.

Some wireless card vendors, including Linksys and Zonet, are also affected.

Johnny Cache discovered this vulnerability.

A demonstration exploit is available at:

http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
Impact:  A remote user on the wireless network can execute arbitrary code on the target system.
Solution:  The vendor has issued a fixed version, available to their OEM and product licensing partners.

A fixed version for one affected Linksys product is available at [wrapped]:

http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout
&cid=1115417109934&packedargs=sku%3D1144 763513196&pagename=Linksys%2FCommon%2FVisitorWrapper

Other partners/distributors may issue separate fixes.
Vendor URL:  www.broadcom.com/ (Links to External Site)
Cause:  Boundary error

Message History:   None.

 Source Message Contents
Date:  Mon, 13 Nov 2006 01:43:49 -0500
Subject:  Broadcom Wireless Driver Probe Response SSID Overflow

 
 
http://projects.info-pull.com/mokb/MOKB-11-11-2006.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC