Broadcom Wireless Driver (BCMWL5.SYS) Probe Response SSID Overflow

high Nessus Plugin ID 23637

Synopsis

The remote Windows host has a wireless device driver that is prone to a buffer overflow attack.

Description

The Windows remote host contains a Broadcom wireless device driver.

The installed version of this driver on the remote host includes the file 'bcmwl5.sys' that is reportedly affected by a stack-based overflow vulnerability. An attacker within wireless range of the affected host may be able to leverage this issue using a 802.11 probe response with a long SSID field to execute arbitrary kernel-mode code on the affected host.

Solution

Contact the device's manufacturer for an update.

See Also

http://www.nessus.org/u?fee574a6

http://www.nessus.org/u?5f902569

https://isc.sans.edu/diary/Broadcom+Wireless+Vulnerability/1845

Plugin Details

Severity: High

ID: 23637

File Name: broadcom_long_ssid_overflow.nasl

Version: 1.17

Type: local

Agent: windows

Family: Windows

Published: 11/13/2006

Updated: 6/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/11/2006

Reference Information

CVE: CVE-2006-5882

BID: 21007

CWE: 119