
Broadcom WiFi Chipset Driver Defect Takes Its Toll On OSs, IoTs, Phones and Other Devices.

Reportedly, flaws in the Broadcom WiFi chipset drivers are causing a lot of trouble for the phones and operating systems that use them.

This means attackers could execute arbitrary code on affected devices and cause a denial of service (DoS).

As reported by an intern at a well-known security lab, both Broadcom's own driver and the open source brcmfmac driver contain several vulnerabilities.

As it turns out, Broadcom's driver is affected by two heap buffer overflows, while the brcmfmac driver is affected by a frame validation bypass as well as a heap buffer overflow.

Per the Common Weakness Enumeration database, a heap buffer overflow can cause the software to enter an infinite loop, crash the system, or execute arbitrary code.

All of these outcomes fall outside what the system's security policy and security services are meant to allow.

These Broadcom WiFi chips are used by almost everyone, usually without their knowing it: laptops, IoT devices, smart TVs and many other devices ship with these chips and their drivers.

Because the chips are so widespread, the attack surface they present is even larger, and any simple flaw found in them is a matter of serious risk.

The Broadcom WiFi chipset drivers can be exploited by unauthenticated attackers simply by sending malicious WiFi packets.

Such packets can lead to arbitrary code execution; at the very least, each of these attacks results in a denial of service.

Denial of service and arbitrary code execution top the list of risks to vulnerable devices. The flaws were found both in the Linux kernel and in the firmware of Broadcom chips.

According to the source note, the four brcmfmac and Broadcom wl driver vulnerabilities are tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 and CVE-2019-9503.

·       CVE-2019-9503: When the driver receives a firmware event frame from a remote source, the frame is discarded and not processed; only event frames coming from the host have the appropriate handler called. This validation can be bypassed when the bus in use is USB.

·       CVE-2019-9500: A malicious event frame can be constructed to trigger a heap buffer overflow.

·       CVE-2019-9501: Supplying vendor information data larger than 32 bytes triggers a heap buffer overflow in wlc_wpa_sup_eapol.

·       CVE-2019-9502: Supplying vendor information data larger than 164 bytes triggers a heap buffer overflow in wlc_wpa_plumb_gtk.

When the wl driver is used with SoftMAC chipsets, these vulnerabilities are triggered in the host's kernel; when it is used with FullMAC chipsets, they are triggered in the chipset's firmware.
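The two checks the CVE list above turns on, whether an event frame came from the host and whether vendor data fits the handler's fixed buffer, shown in a simplified dispatcher added here as an illustration (it is not Broadcom's or the Linux kernel's code). The TLV layout, the handler table and the from_host flag are assumptions made for the example; only the 32-byte and 164-byte limits come from the advisory.

```python
import struct

# Hypothetical handler table for this example: TLV type -> (handler, fixed buffer size).
# The sizes mirror the limits named in the advisory; the layout is not Broadcom's real format.
HANDLERS = {
    0x01: ("wlc_wpa_sup_eapol", 32),
    0x02: ("wlc_wpa_plumb_gtk", 164),
}

def parse_tlvs(frame: bytes):
    """Yield (type, value) pairs from a type/length/value byte string.
    Raise ValueError if a declared length runs past the end of the frame."""
    off = 0
    while off < len(frame):
        if off + 2 > len(frame):
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack_from("BB", frame, off)
        off += 2
        if off + ln > len(frame):
            raise ValueError("TLV length exceeds frame")
        yield t, frame[off:off + ln]
        off += ln

def dispatch(frame: bytes, from_host: bool):
    """Return a list of (handler, bytes copied), or a string saying why the
    frame was dropped. Event frames from a remote source are discarded (the
    check CVE-2019-9503 describes being bypassed over USB); vendor data larger
    than the handler's buffer is rejected rather than copied into it."""
    if not from_host:
        return "dropped: event frame from remote source"
    results = []
    for t, value in parse_tlvs(frame):
        if t not in HANDLERS:
            continue                       # unknown element type: ignore it
        name, bufsize = HANDLERS[t]
        if len(value) > bufsize:           # the missing check behind the overflows
            return f"dropped: {name} data {len(value)} > {bufsize} bytes"
        buf = bytearray(bufsize)           # fixed-size destination buffer
        buf[:len(value)] = value           # bounded copy
        results.append((name, len(value)))
    return results
```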

Over 160 vendors ship Broadcom WiFi chipsets in their devices and are potentially affected.

The two vulnerabilities found in the open source brcmfmac driver in the Linux kernel have been patched.

CVE-2019-8564 was patched by Apple as part of a security update released a day before the researcher disclosed the vulnerabilities.

Vulnerability in Snapchat allows hackers to remotely crash iPhones

A new security flaw discovered in the Snapchat app allows an attacker to launch a denial of service attack that crashes iPhones.

Cyber security researcher Jaime Sanchez today disclosed a bug in the Snapchat app that allows an attacker to send thousands of messages within a few seconds. Users can only recover the phone with a hard reset.

The app generates a new token whenever a user sends a message, in order to verify their identity.

According to the Los Angeles Times, the vulnerability allows old tokens generated by the app to be reused to send new messages. A criminal can use these old tokens to send a large volume of spam messages.

The researcher has not informed Snapchat about the vulnerability and told the Los Angeles Times that Snapchat has no respect for the cyber security research community.

He says this because Snapchat recently ignored a security bug, reported by other security researchers, that could be used to expose user data.

Three critical vulnerabilities identified in Apache Tomcat 7 and 6


The Tomcat security team has identified three critical vulnerabilities in Apache Tomcat, an open source web server and servlet container. The vulnerabilities affect versions 7 and 6.

CVE-2012-4534: Denial of Service (DoS) vulnerability
When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response, an infinite loop is entered, leading to a denial of service. Tomcat 7.0.0 to 7.0.27 and Tomcat 6.0.0 to 6.0.35 are affected.

CVE-2012-3546: Apache Tomcat bypass of security constraints
When using FORM authentication, it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat 7.0.0 to 7.0.29 and Tomcat 6.0.0 to 6.0.35 are affected.

CVE-2012-4431: Apache Tomcat bypass of CSRF prevention filter
The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat 7.0.0 to 7.0.31 and Tomcat 6.0.0 to 6.0.35 are affected.
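A simplified model of the CSRF filter logic behind CVE-2012-4431, added here as an illustration (it is not Tomcat's own CsrfPreventionFilter): the vulnerable variant lets a request to a protected resource through when no session is present, while the fixed variant treats a missing session as a missing nonce and rejects it. The Request and Session classes, the nonce store and the entry-point list are assumptions made for the example.

```python
import secrets
from typing import Optional

# Hypothetical URLs a user may request without a nonce (the filter's entry points)
ENTRY_POINTS = {"/login", "/index"}

class Session:
    """Stand-in for an HTTP session holding the nonces issued to this client."""
    def __init__(self):
        self.nonces = set()

    def issue_nonce(self) -> str:
        n = secrets.token_hex(16)
        self.nonces.add(n)
        return n

class Request:
    """Stand-in for a servlet request: path, session (if any) and submitted nonce."""
    def __init__(self, path: str, session: Optional[Session], nonce: Optional[str]):
        self.path, self.session, self.nonce = path, session, nonce

def csrf_filter_vulnerable(req: Request) -> bool:
    """Allow entry points and requests whose nonce is in the session; the defect is
    that a request with no session has nothing to validate against and is allowed."""
    if req.path in ENTRY_POINTS:
        return True
    if req.session is None:
        return True                      # bypass: no session, so no nonce check
    return req.nonce in req.session.nonces

def csrf_filter_fixed(req: Request) -> bool:
    """Allow only entry points or a nonce matching one stored in the session;
    a protected resource requested without a session or nonce is rejected."""
    if req.path in ENTRY_POINTS:
        return True
    if req.session is None or req.nonce is None:
        return False                     # missing session counts as a failed check
    return req.nonce in req.session.nonces
```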

Users of affected versions are advised to upgrade to the latest Tomcat release.