Everyone using wireless technology should take a close look at this new potential exposure, as the Broadcom based software may be used by other OEMs, besides Linksys
MOKB: New Broadcom Wi-Fi Exploit released
This is a serious exploit, mitigated only by the fact that someone has to get into wireless range of your PC in order to attack your system (100 to 200 feet, more with a high-powered antenna). However, this does not mean that it should be taken lightly. Follow the instructions below to patch the driver. Linksys has an update to the driver, which is believed to work with any system using the Broadcom device driver (as most of you know, itís common in the hardware world for one company to sell software or hardware to multiple different companies). So if youíre running the Broadcom driver, update it as soon as possible.
MOKB-11-11-2006: Broadcom Wireless Driver Probe Response SSID Overflow
The "Month of Kernel Bug" project released an advisory with details about a bug in Broadcoms Windows driver for its Wireless card. The high/low points:
* Only effects the wireless driver, not the broadcom wired cards.
& The resepective file is BCMWL5.SYS Version 126.96.36.199 (this is the version pointed out as vulnerable. Others may be vulnerable as well).
* Only Linksys published an official update at this time.
* Other vendors have later versions of this file available as patches. It is not clear if they patch the problem or not.
* The problem is triggered by an overly long SSID
* The MOKB project published a metasploit module to ease exploitation of this problem.