Thursday November 20, 2008 8:37 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."
on Yahoo and Microsoft take aim at lottery scams
by Rodney Churchyard | Nov 20, 2008 6:13 PM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."
on Shavlik Technologies to broaden its patch management offerings
by eric | Nov 20, 2008 8:15 AM
 
"it's great i tried it"
on McAfee offers free trial of security appliance
by divyacharan | Nov 20, 2008 12:24 AM
 
"I actually love the RoboForm software myself. I use it all of the time and it takes all of the ..."
on Siber Systems RoboForm Enterprise
by Omarra Byrd | Nov 18, 2008 8:19 AM
Malware

Broadcom Wi-Fi flaw hits notebooks

  • Email a Friend
  • Print Page
Broadcom Wi-Fi flaw hits notebooks
Related Articles
By Shaun Nichols
Nov 15, 2006 10:09 AM
Tags: Broadcom | Wi-Fi | flaw | hits | notebooks
Reported as part of the Month of Kernel Bugs project, the vulnerability targets Broadcom wireless device drivers built into many laptops, so the vulnerability is not limited to any one brand. 

Linksys has issued a fix for the vulnerability which should work on all affected Broadcom chips, according to security watchdog the Zeroday Emergency Response Team (ZERT). 

The exploit is carried out when an attacker gets within signal range of a vulnerable wireless card.

The attacker then sends a specially crafted packet of networking information which causes a memory error.

The error gives the attacker access to the system and the ability to execute code and install malware, according to the Month of Kernel Bugs report.

While this exploit is only proof-of-concept and has not been reported as being used by attackers, ZERT warned that it may be actively exploited soon.

The group said in a security advisory: "An exploit is available in the development version of the Metasploit Framework (3.0) and can be used to inject any standard Windows payload into a vulnerable system."

According to ZERT, the exploit can be carried out against any vulnerable system within the attacker's signal range.

The security group said that public areas with Wi-Fi connections, such as coffee bars and airports, would be especially high-risk. The attack cannot be launched over the internet as it requires a direct wireless link to a user's system.

The SANS Internet Storm Center recommends updating the driver and disabling the wireless networking card when not in use, especially in public places. 

The Month of Kernel Bugs project was started by security researcher H D Moore with the goal of pointing out a new software vulnerability every day in November. Past subjects have included Apple's AirPort and Microsoft Windows.

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
browser disclosure discovered dns exploit flaw injection insecure kaminsky latest microsoft patch researchers security software tcp vulnerability windows worm wpa