Broadcom Wi-Fi Driver Flaw
HP, Dell, Gateway and eMachines
by Karl Bode 11:19AM Sunday Nov 12 2006
eWeek reports a critical vulnerability in the Broadcom wireless driver shipped in laptops from HP, Dell, Gateway and eMachines. The flaw is a stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver which, according to reports, could allow an attacker to take complete control of a vulnerable laptop. It stems from the driver's improper handling of probe responses containing a long SSID field, and may result in arbitrary kernel-mode code execution.
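The length checks a probe response parser needs for the SSID field, as an added example (not Broadcom's code, which is not shown in this story). The function and constant names are hypothetical; the 12-byte fixed fields, SSID element ID 0 and the 32-byte SSID limit come from IEEE 802.11.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32   /* IEEE 802.11 limit on the SSID element body */
#define IE_SSID      0    /* element ID of the SSID element */
#define FIXED_FIELDS 12   /* timestamp(8) + beacon interval(2) + capability(2) */
enum { SSID_OK = 0, SSID_MISSING = -1, SSID_TRUNCATED = -2, SSID_TOO_LONG = -3 };

/* Copy the SSID out of a probe response body (the bytes after the MAC header).
 * out must hold SSID_MAX_LEN bytes; *out_len receives the length on success. */
int parse_ssid(const uint8_t *body, size_t body_len,
               uint8_t out[SSID_MAX_LEN], size_t *out_len)
{
    size_t pos = FIXED_FIELDS;
    while (pos + 2 <= body_len) {
        uint8_t id = body[pos], len = body[pos + 1];
        pos += 2;
        /* The length byte comes off the air (0..255): check it against the frame */
        if ((size_t)len > body_len - pos)
            return SSID_TRUNCATED;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)   /* ...and against the destination buffer */
                return SSID_TOO_LONG;
            memcpy(out, body + pos, len);
            *out_len = len;
            return SSID_OK;
        }
        pos += len;
    }
    return SSID_MISSING;
}

/* Constructed sample: build a body whose SSID element declares `declared`
 * bytes but carries `present` bytes, then run it through the parser. */
int parse_constructed(uint8_t declared, size_t present)
{
    uint8_t body[FIXED_FIELDS + 2 + 255] = {0}, ssid[SSID_MAX_LEN];
    size_t n = 0;
    if (present > 255) present = 255;
    body[FIXED_FIELDS] = IE_SSID;
    body[FIXED_FIELDS + 1] = declared;
    memset(body + FIXED_FIELDS + 2, 'A', present);
    return parse_ssid(body, FIXED_FIELDS + 2 + present, ssid, &n);
}

int main(void) {
    printf("%d %d %d\n", parse_constructed(32, 32), parse_constructed(33, 33), parse_constructed(200, 10));
    return 0;
}
```

Without the `SSID_MAX_LEN` check, the single length byte would let a frame ask for up to 255 bytes to be copied into a 32-byte stack buffer, which is the class of bug the story describes.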


phattieg

join:2001-04-29
Winter Park, FL

Back in the day...

I remember back in the day, when people said "viruses are only exe files" then came the buffer overflows. Since then, worms and viruses come in thru everything from MP3 files, JPEG images, .SYS files, even built-in Windows components are vulnerable.

So, in closing, I would say it's a wise decision NOT to buy any new PCs, or hardware. Keep what you've got. If you upgrade, you chance having an issue like this news article describes.

LOL....
--
SIPPhone/Gizmo # 17476200648 / PIMPNET Chatline / Ran by Asterisk & Slackware 10.1.

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

Re: Back in the day...

A buffer overflow exploit is a rather different creature from a virus. Granted, a buffer overflow may be leveraged by a virus or worm to accomplish things, but that does not make them equivalent.

-tom
matrix3D

join:2006-09-27
Middletown, CT

Re: Back in the day...

What he said.

phattieg

join:2001-04-29
Winter Park, FL
said by nixen:

A buffer overflow exploit is a rather different creature from a virus. Granted, a buffer overflow may be leveraged by a virus or worm to accomplish things, but that does not make them equivalent.

-tom
I know that a buffer overflow is not a "virus". It is an exploit of existing code that is running in memory. If you send unusable characters to the buffer, you can go beyond the buffer's limit, and overwrite code in memory. Thus, you can program virus code to attach after the buffer was overflowed, and when the program restarts in memory, it will load the native code, as well as the "overflowed" code, instead of reloading the file from the hard drive.

What I'm trying to say, is this was never an issue back in the days. Now it's all over the place, and is usually the first way someone exploits.
--
SIPPhone/Gizmo # 17476200648 / PIMPNET Chatline / Ran by Asterisk & Slackware 10.1.

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA

Re: Back in the day...

said by phattieg:

What I'm trying to say, is this was never an issue back in the days. Now it's all over the place, and is usually the first way someone exploits.
Buffer overflows have ALWAYS been a problem. Some of the earliest Internet worms took advantage of them. It's not like people just suddenly started writing code that had these weaknesses in them.

-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis

insomx
Premium
join:2003-01-26
Canada

Great.

I have a Gateway with a Broadcom

jjsk8r85

join:2005-02-17
Belleville, MI

1 edit

bcm sucks.

broadcom is crap anyhow, due to their lack of linux support. they won't open source their drivers, maybe this is why!
The Way Out

join:2003-01-20

Re: bcm sucks.

Their GigE stuff works fine with the Tigon3 driver. It's been in the 2.4 kernel for ages.

jjsk8r85

join:2005-02-17
Belleville, MI

Re: bcm sucks.

well, I meant more for what most people don't want to do with them. they're not as robust as the atheros or orinoco drivers with regards to linux.

joako
Premium
join:2000-09-07
/dev/null
kudos:6
said by jjsk8r85:

broadcom is crap anyhow, due to their lack of linux support. they won't open source their drivers, maybe this is why!
But there's an opensource reverse engineered driver...
--
I sit here at my home computer, programming the future for myself

jjsk8r85

join:2005-02-17
Belleville, MI

Re: bcm sucks.

right, it's reverse engineered. it doesn't allow for packet injection or anything like that.
vaibhav5

join:2004-10-01
UK

I have HP laptop with broadcom running kubuntu linux...

I have HP laptop with broadcom running kubuntu linux so does that make me vulnerable too?
PrntRhd
Premium
join:2004-11-03
Fairfield, CA

Broadcom Wi-Fi Driver Flaw

The Linksys wifi adapters are already fixed with a driver update.
hrickpa

join:2001-06-07
Reading, PA
Reviews:
·Verizon Online DSL

Re: Broadcom Wi-Fi Driver Flaw

the linksys driver can be used on most broadcom WLAN Mini-PCI Card

i replaced bcmwl5.sys in the c:\windows\system32\drivers
the driver works with Dell Wireless 1370 WLAN Mini-PCI Card

the fixed driver is from linksys WPC300N adapter

i also noticed it connects better

plk
Premium
join:2002-04-20
united state

A Dell Laptop with Broadcom drivers

I'll guess I have a broadcom based wireless card. It's a Dell 1450 dual mini PCI.... POS if you ask me. Always takes minutes to connect. Might be a good reason to go buy a new one.
--
Thermaltake 2000a/Asus P4C-e/p4 3.4/ocz3500 2x512/WD.2x200g/raptor2x74 raid 0/ATI 9600/APC sua 1500/Logitech z-680/ Samsung 213t LCD/MX 1000
hrickpa

join:2001-06-07
Reading, PA
Reviews:
·Verizon Online DSL

Re: A Dell Laptop with Broadcom drivers

the linksys driver can be used on most broadcom WLAN Mini-PCI Card

i replaced bcmwl5.sys in the c:\windows\system32\drivers
the driver works with Dell Wireless 1370 WLAN Mini-PCI Card

the fixed driver is from linksys WPC300N adapter

i also noticed it connects better

ReVeLaTeD
Premium
join:2001-11-10
San Diego, CA

It's good I saw this article.

I need to pass it to my company's IS manager. We just recently upgraded our standard user laptop to the Dell 620 and developer laptop (the one I have) to the Dell 820. Both versions, I do believe, are vulnerable.

sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Morristown, NJ

"Apple flaw"

Is this the same string of vulnerabilities that "Johnny Cache" has been sitting on while milking the Apple thing for all it's worth?

EnzonE

join:2000-03-23
Indiana, PA

I'm sure they'll be working on a fix... hopefully?

Will be looking forward to it! I do have a linksys wi-fi card I could insert in the meantime if this is something that will take some time; just to be on the safe side!

frozenincarbonite

@mackierogers.com

How can you find out?

How do you know if you have a broadcom wireless driver? And how do you figure out what version it is?