Code Execution Bug In Broadcom Wi-Fi Driver 157
2U*U2 writes to mention an EWeek article about an entry in the Month of Kernel Bugs. John Ellch has discovered a critical vulnerability in the Broadcom wireless driver: a driver used in machines from HP, Dell, Gateway, and eMachines. From the article: "[The bug] is a stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver that could be exploited by attackers to take complete control of a Wi-Fi-enabled laptop. The vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field and can lead to arbitrary kernel-mode code execution. The volunteer ZERT (Zero Day Emergency Response Team) warns that the flaw could be exploited wirelessly if a vulnerable machine is within range of the attacker."
But which OS!? (Score:5, Informative)
Admittedly, the article to which this newspost links also doesn't mention this until the third or fourth paragraph or so.
At first I thought the article was about the Linux kernel, in that case I would have wanted a (global) list of the OS's/versions affected as well, because my laptop might have been vulnerable in that case!
So, I assume it's just Windows XP SP2 (and probably older SP's), or other versions as well?
Re:NDISWrapper (Score:3, Informative)
Re:NDISWrapper (Score:5, Informative)
More details at... (Score:5, Informative)
http://isc.sans.org/diary.php?storyid=1845&isc=2e
Or look at the Month of Kernel Bugs site itself:
http://projects.info-pull.com/mokb/MOKB-11-11-200
Workaround for non-Linksys devices (Score:5, Informative)
Re:So... (Score:1, Informative)
Puh-lease. (Score:5, Informative)
C is, essentially, portable assembly language. I love it -- it's one of the languages I know the best, and I continue to work in it. However, I'd love to see the use of Cyclone or special compile-time checked languages for the essentials. I think most device drivers could be easily rewritten to be bullet-proof (stack overflow) this way, and such languages are easier to do state machine analysis on (since most device drivers are simple pieces of software that control the state of the hardware). Provably correct operating system design is not a theory, but no one seems to be interested.
Re:NDISWrapper (Score:3, Informative)
currently I think its officially listed as unsupported (11Mbs and 18Dbm)in ubuntu. Using ndiswrapper the driver forces the card from mode0 to mode2 and the card works reliably at 54Mbs and transmits at 25Dbm.
whats mode0 whats mode2 you could ask broadcom but they don't answer. Personally I would boycott Broadcom products and go for a more linux friendly companys chipset such as ralink, unfortunately with laptops its harder to avoid broadcom the wireless is minipci but the bios locks out non hp approved cards however
http://stachon.webpark.cz/ipw-eeprom.html [webpark.cz] might help with that.
Re:NDISWrapper (Score:3, Informative)
I personally had the bcm43xx drivers cause system instability with two very different machines and different broadcom chipsets. Going back to ndis made things stable again.
But Kudos to the bcm43xx developers, I hope they get this cracked. although in the future, I'll make more of an effort to steer clear of Broadcom, both because of their lack of co-operation in supporting Linux AND this recent news.
Broadcom can join Canon on my shit list.