Serious Flaw In Broadcom Wi-Fi
The vulnerability is a stack-based buffer overflow in Broadcom's BCMWL5.SYS wireless driver. According to the reports, it could let an attacker gain complete control of a vulnerable laptop. The flaw stems from improper handling of probe responses that contain an overly long SSID field, and can lead to arbitrary kernel-mode code execution.
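The probe-response handling described above is the kind of input a wireless IDS or a frame-capture triage script can check for. The following added example (not code from the article, from Broadcom, or from any of the parties named) walks the tagged information elements of a constructed 802.11 probe-response body and flags an SSID element that exceeds the 32-byte limit the 802.11 standard allows; the frame bytes are built inline and are constructed for the example.

```python
# Added example: flag 802.11 probe responses whose SSID element is longer than
# the 32 bytes permitted by the standard. A driver that copies the SSID into a
# fixed-size stack buffer based only on the length byte is the failure mode the
# article describes; this check spots such frames from the defender's side.
import struct

SSID_IE_ID = 0       # element ID of the SSID information element
SSID_MAX_LEN = 32    # maximum SSID length per 802.11
FIXED_FIELDS_LEN = 12  # timestamp (8) + beacon interval (2) + capability (2)


def parse_ies(body: bytes):
    """Yield (element_id, value) for each TLV in a management frame body."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2: pos + 2 + length]
        if len(value) < length:   # truncated element: stop, never over-read
            break
        yield eid, value
        pos += 2 + length


def probe_response_body(ssid: bytes) -> bytes:
    """Build a constructed probe-response body: fixed fields then an SSID IE."""
    if len(ssid) > 255:
        raise ValueError("IE length byte cannot exceed 255")
    fixed = struct.pack("<QHH", 0, 100, 0x0431)  # constructed fixed fields
    return fixed + bytes([SSID_IE_ID, len(ssid)]) + ssid


def oversized_ssid(body: bytes):
    """Return the SSID length if it exceeds the spec limit, otherwise None."""
    for eid, value in parse_ies(body[FIXED_FIELDS_LEN:]):
        if eid == SSID_IE_ID and len(value) > SSID_MAX_LEN:
            return len(value)
    return None


def triage(frames):
    """Return indexes of frames in the captured list that carry an oversized SSID."""
    return [i for i, body in enumerate(frames) if oversized_ssid(body) is not None]


if __name__ == "__main__":
    # Constructed sample capture: a normal network and a malformed probe response.
    capture = [probe_response_body(b"corp-wifi"), probe_response_body(b"A" * 200)]
    print("suspicious frame indexes:", triage(capture))  # prints [1]
```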
The volunteer Zero Day Emergency Response Team (ZERT) cautions that the flaw can be exploited wirelessly whenever a vulnerable system is within the attacker's radio range.
The group, together with the SANS Internet Storm Center (ISC), Beyond Security's SecuriTeam and H.D. Moore's Metasploit project, issued an advisory warning users that the risk is greatest when they use a laptop with its wireless card enabled around other people, for example in a coffee shop, an airport or any other public place.
Researcher 'Johnny Cache' discovered the flaw and disclosed it privately to Broadcom so that a fix could be prepared before the proof-of-concept and the research details were made public.
Johnny Cache said that the exploit is very reliable and gives the attacker 100% complete control over the compromised system. Because the exploit, including kernel-level shellcode, has been added to the Metasploit 3.0 framework, the attack can be carried out with little hacking knowledge.
The flaw is highly dangerous because it compromises the operating system's kernel, which means it bypasses traditional defences such as host intrusion detection systems (HIDS), firewalls, anti-virus software and similar measures. The reach of the attack is limited to Wi-Fi range, i.e. 100-200 feet, but it can be extended with high-power antennas.
Broadcom has produced an updated driver but chose not to release a security advisory. So far, only Linksys, a division of Cisco, has published an updated driver that addresses this serious flaw, and its release gave no indication of how serious the update was.
Along with Linksys, many other, less well-known wireless card makers, such as Zonet, sell devices that ship with the vulnerable Broadcom driver.
SPAMfighter News - 14-11-2006