VID 28189
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Windows host has a Broadcom BCMWL5.SYS wireless driver that is vulnerable to a stack-based buffer overflow caused by improper handling of 802.11 probe responses. By sending a malformed 802.11 probe response frame containing a long SSID field to a vulnerable host, a remote, unauthenticated attacker could execute arbitrary code or cause a denial-of-service condition on the affected host.

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If this condition is not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://projects.info-pull.com/mokb/MOKB-11-11-2006.html
http://isotf.org/advisories/zert-01-111106.htm
http://isc.incidents.org/diary.php?storyid=1845
http://www.securiteam.com/mokb/projects.info-pull.com/mokb/MOKB-11-11-2006.html
http://www.kb.cert.org/vuls/id/209376
http://securitytracker.com/id?1017212
http://www.frsirt.com/english/advisories/2006/4459
http://www.frsirt.com/english/advisories/2006/4460
http://secunia.com/advisories/22831

* Platforms Affected:
Broadcom Wireless Driver versions 3.50.21.10 and earlier
Linksys WPC300N versions prior to 4.100.15.5
Microsoft Windows Any version
Recommendation For Linksys:
Upgrade to the latest driver version (4.100.15.5 or later), available from the Linksys WPC300N Web site at http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper

For Zonet:
Upgrade to the latest driver version, available from the Zonet Web site at http://www.zonetusa.com/DispProductDownload.asp?ProductID=179
Related URL CVE-2006-5882 (CVE)
Related URL (SecurityFocus)
Related URL 30202 (ISS)