MoKB Wireless Driver Bug - Critical to Windows Systems
November 12th, 2006 by SecuriTeam, Filed under: Full Disclosure, Corporate Security, Networking, Fuzzing
the month of kernel bugs (mokb) released an advisory (mokb-11-11-2006) today on a wireless vulnerability in broadcom’s wireless driver.
zert, in cooperation with metasploit, the sans isc and indeed, securiteam, issued an advisory on the issue, explaining why it is critical, etc.:
http://isotf.org/advisories/zert-01-111106.htm
the advisory was written by h d moore, gadi evron (me) and johannes ullrich.
worth a read, this is serious.
also:
http://blog.washingtonpost.com/securityfix/2006/11/exploit_targets_widely_deploye.html
gadi evron,
ge@beyondsecurity.com.
-
Is your site safe from SQL Injection? Sign up for an Automated Vulnerability Detection Service today!
Subscribe
Subscribe
It’s worth nothing that users of Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 who are running those operating systems on 64-bit CPUs will be protected by default from this exploit. On those architectures, Windows enforces kernel-mode DEP, which prevents the Metasploit module from working. To be sure that you’re protected, be sure that your boot.ini does NOT contain “/NoExecute=AlwaysOff”. I should also note that I’m not even sure if Windows Server 2003 has wireless client support.