SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#296681

Intel network drivers privilege escalation vulnerability

Overview

A buffer overflow vulnerability in Intel PRO Ethernet drivers may allow local attackers to execute code with elevated privileges.

I. Description

Intel network adapter drivers are developed and maintained by Intel for Windows and Linux operating systems.

A buffer overflow vulnerability exists in all PCI, PCI-X and PCIe Intel network adapter drivers. Successful exploitation of this vulnerability may allow a local attacker to run commands with additional privileges or gain other unintended access.

Note that Intel has provided instructions to determine what driver version is installed on Windows or Linux systems.

II. Impact

A local authenticated attacker may be able to gain SYSTEM privileges.

III. Solution

Upgrade

Intel has released upgraded drivers for PCI, PCI-X and PCIe network adapters.

Systems Affected

VendorStatusDate NotifiedDate Updated
Dell Computer Corporation, Inc.Unknown18-Dec-2006
Hewlett-Packard CompanyUnknown18-Dec-2006
HitachiVulnerable19-Jan-2007
IBM CorporationUnknown18-Dec-2006
Intel CorporationVulnerable16-Dec-2006
Microsoft CorporationUnknown18-Dec-2006
Sony CorporationUnknown18-Dec-2006
ToshibaUnknown18-Dec-2006

References


http://www.intel.com/support/network/sb/CS-023726.htm
http://research.eeye.com/html/advisories/published/AD20061207.html
http://research.eeye.com/html/advisories/upcoming/20060710.html
http://secunia.com/advisories/23221/

Credit

Thanks to Intel for providing information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-12-06
Date First Published:2006-12-18
Date Last Updated:2007-01-19
CERT Advisory: 
CVE-ID(s):CVE-2006-6385
NVD-ID(s):CVE-2006-6385
US-CERT Technical Alerts: 
Metric:1.06
Document Revision:42

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader