Intel Network Drivers Local Privilege Escalation Vulnerability
BID:21456
Info
Intel Network Drivers Local Privilege Escalation Vulnerability
| Bugtraq ID: | 21456 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6385 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 06 2006 12:00AM |
| Updated: | May 06 2008 10:45PM |
| Credit: | Reported by eEye Digital Security. |
| Vulnerable: |
Intel PRO/10GbE 1.0.109 Intel PRO/1000 PCIe 9.1.30.0 Intel PRO/1000 (Embedded) 0 Intel PRO/1000 9.0.15 Intel PRO/1000 7.2.7 Intel PRO/1000 8.7.1.0 Intel PRO 10/100 4.0.3 Intel PRO 10/100 3.5.14 Intel PRO 10/100 8.0.27.0 |
| Not Vulnerable: |
Intel PRO/10GbE 1.0.119 Intel PRO/1000 PCIe 9.6.31 Intel PRO/1000 (Embedded) 7.2.17 Intel PRO/1000 (Embedded) 8.7.9.0 Intel PRO/1000 9.2.6 Intel PRO/1000 7.3.15 Intel PRO/1000 8.7.9.0 Intel PRO 10/100 4.0.4 Intel PRO 10/100 3.5.17 Intel PRO 10/100 8.0.43.0 |
Discussion
Intel Network Drivers Local Privilege Escalation Vulnerability
Intel LAN drivers are prone to a local privilege-escalation vulnerability because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can trigger this issue to corrupt memory and to execute code with kernel-level privileges.
A successful attack can result in a complete compromise of the affected computer due to privilege escalation.
All PCI, PCI-X, and PCIe Intel network adapter drivers are vulnerable.
Intel LAN drivers are prone to a local privilege-escalation vulnerability because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can trigger this issue to corrupt memory and to execute code with kernel-level privileges.
A successful attack can result in a complete compromise of the affected computer due to privilege escalation.
All PCI, PCI-X, and PCIe Intel network adapter drivers are vulnerable.
Exploit / POC
Intel Network Drivers Local Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Intel Network Drivers Local Privilege Escalation Vulnerability
Solution:
Intel has released upgrades to address these issues. Please see the references for more information.
Solution:
Intel has released upgrades to address these issues. Please see the references for more information.
References
Intel Network Drivers Local Privilege Escalation Vulnerability
References:
References:
- Drivers and Software for the Intel® PRO/1000 Adapters (Intel)
- Drivers for Intel® PRO/100 Adapters (currently produced models) (Intel)
- Intel® 10GbE Network Adapter Driver Quick Reference (Intel)
- Intel® LAN Driver Buffer Overflow Local Privilege Escalation (Intel)
- Summary of changes for Ethernet (Intel PRO/1000 LAN adapter software) for Window (IBM)
- EEYE: Intel Network Adapter Driver Local Privilege Escalation (eEye Advisories)