Last Updated: 2006-11-12 01:09:18 UTC
by Johannes Ullrich (Version: 2)
- Only effects the wireless driver, not the broadcom wired cards.
- The resepective file is BCMWL5.SYS Version 188.8.131.52 (this is the version pointed out as vulnerable. Others may be vulnerable as well).
- Only Linksys published an official update at this time.
- Other vendors have later versions of this file available as patches. It is not clear if they patch the problem or not.
- The problem is triggered by an overly long SSID
- the MOKB project published a metasploit module to ease exploitation of this problem.
Go ahead and patch your driver with whatever version they offer. If you get a chance, test the exploit and see if it works against some of the later versions. Of course, take care when doing so. The "known to be fixed" version from Linksys is 184.108.40.206.
Whenever you don't use your wireless network, turn off the wireless card. In particular if you are in a public space (airport, hotel).
Update: also see the ZERT advisory (no patch though. but the advisory explains why)