http://isc.sans.org/diary.php?storyid=1845
Broadcom Wireless Vulnerability
Published: 2006-11-12,
Last Updated: 2006-11-12 01:09:18 UTC by Johannes Ullrich (Version: 2)
The "Month of Kernel Bugs" project released an advisory with details
about a bug in Broadcom's Windows driver for its wireless card. The
high/low points:
* Only affects the wireless driver, not the Broadcom wired cards.
* The file in question is BCMWL5.SYS, version 3.50.21.10 (this is the
version pointed out as vulnerable; others may be vulnerable as well).
* Only Linksys has published an official update at this time.
* Other vendors have later versions of this file available as
patches. It is not clear whether they patch the problem or not.
* The problem is triggered by an overly long SSID.
* The MOKB project published a Metasploit module to ease
exploitation of this problem.
So much for now. Expect updates as we learn more.
Go ahead and patch your driver with whatever version your vendor offers.
If you get a chance, test the exploit and see if it works against some of
the later versions. Of course, take care when doing so. The "known to be
fixed" version from Linksys is 4.100.15.5.
Whenever you don't use your wireless network, turn off the wireless
card, in particular if you are in a public space (airport, hotel).
Update: also see the ZERT advisory (no patch, though, but the advisory
explains why).
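
For anyone monitoring wireless traffic, here is a way to flag the trigger condition listed above (an overly long SSID). This is an added example, not code from the advisory or the driver. It assumes raw 802.11 frames without a radiotap header, relies on the 32-byte SSID limit from the IEEE 802.11 standard, and uses hypothetical function names and constructed sample frames.

```python
import struct

MAX_SSID_LEN = 32       # IEEE 802.11 limit on the SSID element body
MGMT_HDR_LEN = 24       # management-frame MAC header
FIXED_LEN = 12          # timestamp(8) + beacon interval(2) + capabilities(2)
BEACON, PROBE_RESP = 8, 5


def check_ssid_element(frame: bytes) -> str:
    """Classify a raw 802.11 frame (no radiotap header, no FCS).

    Returns 'ignored', 'ok', 'oversized-ssid' or 'malformed'.
    """
    if len(frame) < 2:
        return "malformed"
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return "ignored"                    # only frames that advertise an SSID
    pos = MGMT_HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        if tag == 0 and length > MAX_SSID_LEN:
            return "oversized-ssid"         # declared length alone is enough
        if pos + 2 + length > len(frame):
            return "malformed"              # element runs past end of frame
        if tag == 0:
            return "ok"
        pos += 2 + length
    return "malformed"                      # truncated, or no SSID element


def build_beacon(ssid: bytes) -> bytes:
    """Constructed sample beacon with placeholder addresses (not captured traffic)."""
    hdr = (b"\x80\x00" + b"\x00\x00" + b"\xff" * 6
           + b"\x02\x00\x00\x00\x00\x01" * 2 + b"\x00\x00")
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])


if __name__ == "__main__":
    for ssid in (b"cafe-wifi", b"A" * 32, b"A" * 33):
        print(len(ssid), check_ssid_element(build_beacon(ssid)))
```

The check looks at the declared element length, so a frame is flagged even when the capture truncated the SSID bytes themselves.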