WiFi exploit

George Ou gives a good overview of this new exploit that’s been published, with the fix.

This exploit potentially affects any wireless client using the Broadcom BCMWL5.SYS device driver (this

exploit has been confirmed to work on version 3.50.21.10 of the driver).

This is a serious exploit, mitigated only by the fact that someone has to get into wireless range of your PC in order to attack your system (100 to 200 feet, more with a high-powered antenna). However, this does not mean that it should be taken lightly. Follow the instructions below to patch the driver.

From the Month of Kernel Bugs site:

The Broadcom BCMWL5.SYS wireless device driver is vulnerable to a stack-based buffer overflow that can lead to arbitrary kernel-mode code execution. This particular vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field. The BCMWL5.SYS driver is bundled with new PCs from HP, Dell, Gateway, eMachines, and other computer manufacturers. Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products. Linksys, Zonet, and other wireless card manufactures also provide devices that ship with this driver.

Link here.

Linksys has an update to the driver, here, which is believed to work with any system using the Broadcom device driver (as most of you know, it’s common in the hardware world for one company to sell software or hardware to multiple different companies).

So if you’re running the Broadcom driver, update it as soon as possible.