Broadcom Wireless Driver (BCMWL5.SYS) Probe Response SSID Overflow

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a wireless device driver that is prone to
a buffer overflow attack.

Description :

The Windows remote host contains a Broadcom wireless device driver.

The installed version of this driver on the remote host includes the
file 'bcmwl5.sys' that is reportedly affected by a stack-based
overflow vulnerability. An attacker within wireless range of the
affected host may be able to leverage this issue using a 802.11 probe
response with a long SSID field to execute arbitrary kernel-mode code
on the affected host.

See also :

http://www.nessus.org/u?fee574a6
http://www.nessus.org/u?5f902569
https://isc.sans.edu/diary/Broadcom+Wireless+Vulnerability/1845

Solution :

Contact the device's manufacturer for an update.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 23637 (broadcom_long_ssid_overflow.nasl)

Bugtraq ID: 21007

CVE ID: CVE-2006-5882

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now