Broadcom NetXtreme Ethernet Card possible remote vulnerability

"A buffer overflow vulnerability exists in the Broadcom NetXtreme
management firmware. This vulnerability may allow a remote attacker to
execute arbitrary code on an affected device."

This affects the firmware on the card itself, regardless of whether the
machine is turned on or off. Both Dell and HP use these cards in their
desktops and servers.

The following devices/firmwares are affected:

* BCM5751, BCM5752, BCM5753, BCM5754, BCM5755, BCM5756, BCM5764,
BCM5787: v8.04
* BCM57760: v8.07
* BCM5761: v1.24.0.9

"Broadcom has released updated versions of the management firmware for
all affected devices to PC OEMs as part of the Broadcom NetXtreme 14.0
software release."

Exploits for this vulnerability were recently demonstrated, although the
tools used were not released to the public. The exploits included
copying packets, denying packets, injecting packets, replacing packets,
encryption key compromise, and malicious software injection.

It is recommended that an audit be conducted of HP, Dell and other
computers to determine if one of these affected Broadcom cards is in
use. Firmware updates are available and should be applied to any
vulnerable system.