Overview
A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition.
Description
The BCMWL5.SYS driver is a wireless (802.11) device driver produced by Broadcom. See the systems affected section of this document for a list of vendors that ship this driver. In addition to laptop and desktop systems, this driver may also be used in access points, media centers, and other network appliances. A buffer overflow vulnerability exists in the BCMWL5.SYS driver. An attacker may be able to trigger the overflow by sending a malformed SSID probe response frame to a vulnerable system. Since 802.11b and 802.11g management frames are not encrypted, using wireless encryption (WEP/WPA) does not mitigate this vulnerability. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code, or cause a denial-of-service condition on a vulnerable system. |
Solution
Upgrade |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This issue was publicly reported by Johnny Cache on The Month of Kernel Bugs Website.
This document was written by Ryan Giobbi.
Other Information
CVE IDs: | None |
Severity Metric: | 1.63 |
Date Public: | 2006-11-11 |
Date First Published: | 2006-11-14 |
Date Last Updated: | 2007-01-17 13:56 UTC |
Document Revision: | 46 |