Feeds

Broadcom flaw spawns wireless risk

Duck and cover

New hybrid storage solutions

Security researchers have discovered a vulnerability in Broadcom wireless device drivers.

Flaws in handling 802.11 probe responses containing a long SSID field mean that systems that use the Broadcom BCMWL5.SYS wireless device driver are left open to buffer overflow attacks. The flaw might be used by hackers within radio range to inject hostile code into vulnerable systems. The list of potential targets (Broadcom partners) is extensive.

The flaw does not lend itself to remote attack across the internet but it does mean that hackers within radio range (for example when a user is in the vicinity of a hot spot used by an attacker) might be able be mount either a denial of service or code injection attack. Users are advised to turn off their wireless cards when not in use pending the availability of updates from Broadcom's partners.

The affected driver is bundled with new PCs from Dell, Gateway and HP among other computer manufacturers. Wireless card manufactures including Linksys also provide devices that ship with this driver. The vulnerability has been demonstrated in version 3.50.21.10 of the software but other versions might also be affected. The security bug only affects the wireless driver, not the Broadcom wired cards.

Broadcom has released an updated version of the driver to its partners, who are in turn providing updates for the affected products. SANS advises users to patch their systems once drivers from manufacturers become available (only Linksys has published an official update at this time).

For the technically minded among you, the "Month of Kernel Bugs" project has published a notice on the problem and metasploit module for testing purposes, as explained in a SANS advisory here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.