A new wireless exploit was released today over at the Month of Kernel Bugs affecting the Broadcom wireless chip set (one of the most widely used in the industry).
Just because you didn’t purchase anything with “Broadcom” in the name doesn’t mean you aren’t using it, since they provide the chips to a lot of manufacturers including HP, Dell, Gateway, eMachines, and Linksys.
There is already a Metasploit module, which means anyone with a modicum of technical skills, a wireless card, and a web browser can take over any vulnerable computer in wireless range.
If you use wireless, at all, it’s just a good time to go update your wireless drivers.
Although Broadcom released patched drivers, not every PC manufacturer has updated their versions. George Ou has instructions on using the Linksys drivers to update any Windows system, but I suggest most of you just be careful with your wireless in public places and wait for official patches from your hardware provider. Keep an eye out over at SANS, which is the best place to track these sorts of incidents.
Oh. Before I forget.
Reader interactions
3 Replies to “New Wireless Exploit- Very Nasty, Patch or Shutoff Now!”
No idea on Vista- and I don’‘t have a copy (or a Broadcom card) to test. I really should get an eval version.
No known Mac implications yet. I think current Airport Extreme cards are Atheros. This exploit is specific to Broadcom, using a long SSID.
HP now states they’‘ve patched this, but we really need to get people to start patching device drivers, not just Windows/Mac/*nix kernel files.
Rich,
You say \”and a web browser can take over any vulnerable computer in wireless range.\” The \”any vulnerable computer\” part is too vague!
From http://projects.info-pull.com/mokb/MOKB-11-11-2006.html this appears to be an attack on a Broadcom NDIS driver, so it affects Windows XP and Linux & BSD with the NDIS shim. Does Vista use NDIS and support this driver?
Does this attack have any impact on Macs (crash or remote root potential, with more work)?
Original post by securosis.com and published by w-plaza