iTnews

Broadcom wireless drivers vulnerable to attack, says Metasploit creator

By Dan Kaplan on Nov 13, 2006 10:37PM

Just when you thought that spilling a hot cup of latte was all you had to worry about while surfing the web at your local Starbucks - or any public place for that matter - think again: Nearby attackers can now exploit the wireless drivers used in many popular laptops to assume control of your machine, and there is little you can do to stop them.

The Month of Kernel Bugs project (MoKB), started by Metasploit creator H.D. Moore, revealed in an advisory Saturday that Broadcom's wireless drivers are vulnerable to a "stack-based buffer overflow that can lead to arbitrary kernel-mode code execution."

"Although it cannot be exploited over the internet, it can be used against your computer from a distance," according to a follow-up advisory issued Saturday by the Zeroday Emergency Response Team. "If you are near other users with laptops, you are at risk. If you are at an airport, coffee shop or using your computer with the wireless card enabled in a public place, you are at risk."

Moore, director of security research at Austin, Texas-based BreakingPoint Systems, told SCMagazine.com today that the flaw - for which MoKB released exploit code - is effective across different wireless products and versions.

"The interesting thing about the vulnerability is how reliable it is," Moore said. "An attacker can do anything they'd like. There's no security software you can run at all to protect you. The driver receives the (malicious) packet before any firewall does."

It's up to the vendors, such as Hewlett-Packard, Dell and Gateway, to push out fixes after Broadcom released the fixed driver to its partners, according to ZERT. Linksys, Zonet and other wireless card makers also offer devices that ship with the Broadcom driver.

"Contact your vendor," Moore suggested to end users. "Ask them when they (the repaired drivers) will be out."

He also said users should disable the radio on their wireless drivers when in public places.

Although the flaw is considered dangerous, Moore said he has not seen widespread exploitation, likely because launching the attack is tedious and expensive.

Moore said that for an exploit to succeed, the attacker must run Linux, use Metasploit Framework 3.0 and have a wireless card capable of raw packet injection.

"It kind of is somewhat of a hassle for people not familiar with wireless stuff," Moore said, adding that MoKB plans to release other wireless exploits soon.

A Broadcom spokesman could not be reached for comment today.
