취약성 정보 - Intel Desktop Board BIOS Unauthorized Downgrade Security Issue

Language:한국어

글 수 1,589

Intel Desktop Board BIOS Unauthorized Downgrade Security Issue

[레벨:9]

id: sH4

sH4

http://wowhacker.com/765912

2009.10.20 18:01:05 (*.4.246.133)

4038

Title : Intel Desktop Board BIOS Unauthorized Downgrade Security Issue
VUPEN ID : VUPEN/ADV-2009-2953
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2009-10-19

세부설명
==========
Intel Desktop board 제품들에서 로컬 공격자가 제한된 보안을 우회할 수 있는 보안문제가 확인되었다.
이 문제는 이전 BIOS 버전으로 하향할 때(downgrading) 관리자로부터 명확한 확인을 요구하지 않아 발생하는
문제이다. 이것은 악의적인 사용자가 보안이 낮고 취약한 이전 BIOS 버전으로 flash할 수 있다.

해결책
==========
Apply update :
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00019

레퍼런스
==========
http://www.vupen.com/english/advisories/2009/2953
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00019

영향받는 버전
==========
Intel Desktop Board D5400XS
Intel Desktop Board DX58SO
Intel Desktop Board DX48BT2
Intel Desktop Board DX38BT
Intel Desktop Board DP45SG
Intel Desktop Board DQ45CB
Intel Desktop Board DQ45EK
Intel Desktop Board DQ43AP
Intel Desktop Board DB43LD
Intel Desktop Board DG41MJ
Intel Desktop Board DG41RQ
Intel Desktop Board DG41TY
Intel Desktop Board DG45ID
Intel Desktop Board DG45FC
Intel Desktop Board DG43NB
Intel Desktop Board DP43TF
Intel Desktop Board DQ35EC
Intel Desktop Board DQ35JO
Intel Desktop Board DQ35MP
Intel Desktop Board DG35EC
Intel Desktop Board DG33BU
Intel Desktop Board DG33FB
Intel Desktop Board DG33TL
Intel Desktop Board DG31GL
Intel Desktop Board DG31PR
Intel Desktop Board DP35DP
Intel Desktop Board D945GSEJT
Intel Desktop Board D945GCLF
Intel Desktop Board D945GCLF2

이 게시물을...

와우해커(WOWHACKER) 시누싱입니다.

목록

번호	제목	글쓴이	날짜	조회 수
1589	Apple iPhone and iPod touch Code Execution and Security Bypass 1	sH4	2010-02-04	518
1588	Sun Ray Server Code Execution and Weak Encryption Vulnerabilities	sH4	2009-12-11	1163
1587	Bftpd Packets Processing Remote Denial of Service Vulnerability	sH4	2009-10-27	3236
1586	Xion Audio Player Playlist Processing Buffer Overflow Vulnerability 18	sH4	2009-10-20	3660
	Intel Desktop Board BIOS Unauthorized Downgrade Security Issue	sH4	2009-10-20	4038
1584	Google Apps "googleapps.url.mailto:" Argument Injection Vulnerability 29	sH4	2009-10-06	5174
1583	VMware Fusion Privilege Escalation and Denial of Service Vulnerabilities 42	sH4	2009-10-06	4443
1582	Google Chrome v8 Engine Floating Point Memory Corruption Vulnerability	sH4	2009-10-06	4488
1581	Symantec AppStream Client ActiveX Insecure Method Vulnerability 23	sH4	2009-01-19	19025
1580	GNUBoard "g4_path" Parameter Local File Inclusion Vulnerability 156	sH4	2009-01-19	24202
1579	Microsoft Windows SMB Remote Code Execution Vulnerabilities (MS09-001 34	sH4	2009-01-14	18379
1578	Oracle and BEA Products Multiple Code Execution Vulnerabilities 31	sH4	2009-01-14	17535
1577	Winamp AIFF File Header Processing Buffer Overflow Vulnerability 56	sH4	2009-01-14	18725
1576	CA Products "smmsnmpd" Service Remote Command Execution Issue 50	sH4	2009-01-12	16064
1575	Serv-U Multiple Command Processing Denial of Service Vulnerability 25	sH4	2009-01-12	16958
1574	HP OpenView Network Node Manager Multiple Remote Vulnerabilities 17	sH4	2009-01-08	16118
1573	Cain & Abel Cisco IOS-MD5 Hash Handling Buffer Overflow Vulnerability 21	sH4	2009-01-08	16688
1572	Linux Kernel SCTP FWD-TSN Handling Remote Memory Overflow Vulnerability 30	sH4	2009-01-07	16347
1571	Sun Solaris NFS Version 4 Client Local Denial of Service Vulnerability 41	sH4	2009-01-07	15687
1570	VMware "vmware-authd" Request Handling Denial of Service Vulnerability 27	sH4	2009-01-07	14669

목록

쓰기

첫 페이지 1 2 3 4 5 6 7 8 9 10 끝 페이지