search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Dell BIOS in some Latitude laptops and Precision Mobile Workstations vulnerable to buffer overflow

Vulnerability Note VU#912156

Original Release Date: 2013-08-15 | Last Revised: 2013-08-22

Overview

Dell BIOS in some older Latitude laptops and Precision Mobile Workstations are vulnerable to buffer overflows (CWE-119), which can bypass the signed BIOS enforcement standard.

Description

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Dell BIOS in some older Latitude laptops and Precision Mobile Workstations is vulnerable to buffer overflows in the rbu_packet.pktNum and rbu_packet.pktSize values. These values can be set by an attacker while performing an illegitimate BIOS update. The BIOS reads these values when reconstructing the BIOS image, before any signature check occurs.

More information is available from the BIOS Security presentation at Black Hat USA 2013.

Impact

By convincing a user with root or administrative privileges to execute a malicious BIOS update, an attacker can bypass the signed BIOS enforcement to install an arbitrary BIOS image that could contain a rootkit or malicious code that persists across operating system re-installations and official BIOS updates.

Solution

Apply an Update

Dell has released updated BIOS versions for the affected Latitude and Precision systems that can be downloaded from their support site. Dell has provided the following list of fixed BIOS versions:

Dell System                     Released        Rev
===================================================
Latitude D530                   8/22/2013       A12
Latitude D531                   7/16/2013       A12
Latitude D630                   7/16/2013       A19
Latitude D631                   7/26/2013       A12
Latitude D830                   7/16/2013       A17
Precision M2300                 7/16/2013       A11
Precision M4300                 7/16/2013       A17
Precision M6300                 7/16/2013       A15
Latitude E5400                  7/16/2013       A19
Latitude E5500                  7/16/2013       A19
Latitude E4200                  7/16/2013       A24
Latitude E4300                  7/16/2013       A26
Latitude E6400                  7/16/2013       A34
Latitude E6400 ATG              7/16/2013       A34
Latitude E6400 / ATG / XFR      7/16/2013       A34
Latitude XT2                    7/18/2013       A15
Latitude E6500                  7/16/2013       A29
Latitude Z600                   7/16/2013       A11
Precision M2400                 7/16/2013       A28
Precision M4400                 7/16/2013       A29
Precision M6400                 7/16/2013       A13
Precision M6500                 7/18/2013       A10

Vendor Information

912156
Expand all

Dell Computer Corporation, Inc.

Notified:  July 11, 2013 Updated:  August 22, 2013

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Dell provided the following list of fixed BIOS versions:

Dell System                     Released        Rev
===================================================
Latitude D530                   8/22/2013       A12
Latitude D531                   7/16/2013       A12
Latitude D630                   7/16/2013       A19
Latitude D631                   7/26/2013       A12
Latitude D830                   7/16/2013       A17
Precision M2300                 7/16/2013       A11
Precision M4300                 7/16/2013       A17
Precision M6300                 7/16/2013       A15
Latitude E5400                  7/16/2013       A19
Latitude E5500                  7/16/2013       A19
Latitude E4200                  7/16/2013       A24
Latitude E4300                  7/16/2013       A26
Latitude E6400                  7/16/2013       A34
Latitude E6400 ATG              7/16/2013       A34
Latitude E6400 / ATG / XFR      7/16/2013       A34
Latitude XT2                    7/18/2013       A15
Latitude E6500                  7/16/2013       A29
Latitude Z600                   7/16/2013       A11
Precision M2400                 7/16/2013       A28
Precision M4400                 7/16/2013       A29
Precision M6400                 7/16/2013       A13
Precision M6500                 7/18/2013       A10

Vendor References

http://support.dell.com/

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C
Temporal 4.9 E:POC/RL:OF/RC:C
Environmental 3.7 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Corey Kallenberg, John Butterworth, and Xeno Kovah of the MITRE Corporation for reporting this vulnerability. Thanks also to Rick Martinez from Dell.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-3582
Date Public: 2013-08-15
Date First Published: 2013-08-15
Date Last Updated: 2013-08-22 18:39 UTC
Document Revision: 54

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.