The Channel logo


By | John Leyden 15th November 2006 17:11

Broadcom flaw spawns wireless risk

Duck and cover

Security researchers have discovered a vulnerability in Broadcom wireless device drivers.

Flaws in handling 802.11 probe responses containing a long SSID field mean that systems that use the Broadcom BCMWL5.SYS wireless device driver are left open to buffer overflow attacks. The flaw might be used by hackers within radio range to inject hostile code into vulnerable systems. The list of potential targets (Broadcom partners) is extensive.

The flaw does not lend itself to remote attack across the internet but it does mean that hackers within radio range (for example when a user is in the vicinity of a hot spot used by an attacker) might be able be mount either a denial of service or code injection attack. Users are advised to turn off their wireless cards when not in use pending the availability of updates from Broadcom's partners.

The affected driver is bundled with new PCs from Dell, Gateway and HP among other computer manufacturers. Wireless card manufactures including Linksys also provide devices that ship with this driver. The vulnerability has been demonstrated in version of the software but other versions might also be affected. The security bug only affects the wireless driver, not the Broadcom wired cards.

Broadcom has released an updated version of the driver to its partners, who are in turn providing updates for the affected products. SANS advises users to patch their systems once drivers from manufacturers become available (only Linksys has published an official update at this time).

For the technically minded among you, the "Month of Kernel Bugs" project has published a notice on the problem and metasploit module for testing purposes, as explained in a SANS advisory here. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe