SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Wireless 802.11 (Generic) Vendors:   Broadcom
Broadcom Wireless Device Driver SSID Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017212
SecurityTracker URL:  http://securitytracker.com/id/1017212
CVE Reference:   CVE-2006-5882   (Links to External Site)
Updated:  May 30 2008
Original Entry Date:  Nov 13 2006
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): BCMWL5.SYS version 3.50.21.10; possibly other versions
Description:   A vulnerability was reported in the Broadcom BCMWL5.SYS wireless device driver. A remote user can execute arbitrary code on the target system.

A remote user on the wireless network can send 802.11 probe responses containing a specially crafted SSID field value to trigger a stack overflow in the 'BCMWL5.SYS' driver and execute arbitrary code on the target system. The code will run with kernel level privileges on the target service.

Several PC vendors are reportedly affected, including HP, Dell, Gateway, and eMachines.

Some wireless card vendors, including Linksys and Zonet, are also affected.

Johnny Cache discovered this vulnerability.

A demonstration exploit is available at:

http://projects.info-pull.com/mokb/MOKB-11-11-2006.html

Impact:   A remote user on the wireless network can execute arbitrary code on the target system.
Solution:   The vendor has issued a fixed version, available to their OEM and product licensing partners.

A fixed version for one affected Linksys product is available at [wrapped]:

http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout
&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper

Other partners/distributors may issue separate fixes.

Vendor URL:  www.broadcom.com/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC