[SA23221] Intel LAN Driver Unspecified Privilege Escalation Vulnerability

Les derniers commentaires publiés sur SecuObs (1-5):

- ESRT @netsparker @jeremiahg - Scanner Review Vendors begin responding: HP Web - ESRT @dloss - Python tools for penetration testers - ESRT @sagar38 @laramies @matalaz - Pyew A Python tool to analyze malware - synspam 0.4.0-1 - sipwitch 0.7.0 Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA23221] Intel LAN Driver Unspecified Privilege Escalation Vulnerability

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: link://[click] Contact Secunia Sales for more information: link://[click]

TITLE: Intel LAN Driver Unspecified Privilege Escalation Vulnerability

SECUNIA ADVISORY ID: SA23221

VERIFY ADVISORY: link://[click]

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system SOFTWARE: Intel PRO 10/100 Adapters (Linux) 3.x link://[click] Intel PRO 10/100 Adapters (UnixWare/SCO6) 4.x link://[click] Intel PRO 10/100 Adapters (Windows) 8.x link://[click] Intel PRO/1000 Adapters (Linux) 7.x link://[click] Intel PRO/1000 Adapters (UnixWare/SCO6) 9.x link://[click] Intel PRO/1000 Adapters (Windows) 8.x link://[click] Intel PRO/1000 PCIe Adapters (Windows) 9.x link://[click] Intel PRO/10GbE Adapters (Linux) 1.x link://[click]

DESCRIPTION: A vulnerability has been reported in Intel LAN drivers, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow by using certain function calls incorrectly.

Successful exploitation allows execution of arbitrary code with kernel-level privileges.

SOLUTION: Apply patches (see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: The vendor credits eEye Digital Security.

ORIGINAL ADVISORY: Intel: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA23240] Plone Group Masquerading Vulnerability
Suivant par Date: [SA23246] Citrix ICA Client ActiveX Control Heap Overflow Vulnerability
Precedent par fil : [SA23240] Plone Group Masquerading Vulnerability
Suivant par fil : [SA23246] Citrix ICA Client ActiveX Control Heap Overflow Vulnerability
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- Airdrop-ng Release - GuruPlug, the next generation of SheevaPlug - Anomos 0.9 Released Public Tracker Up and Running - ESRT @IBMFedCyber - DECT crypto cracked academically - Responder Professional 2.0, a Windows physical memory and automated malware a - ESRT @Marsmensch @hdmoore - Metasploit supports owning insecure IIS WebDAV - Added a small hack to ronin-ext, Ronin::Autoload: autoloads missing constants - ESRT @proactivedefend - Iptables Limits Connections Per IP - ESRT @EdiStrosar @spendergrsec - Linux 2618+ infoleak exploit added to Enligh - ESRT @SecMailLists - Full Disclosure: XSS vulnerability in NEW orkut - ESRT @helpnetsecurity @lbhuston - Zero-day vulnerabilities on the market - ESRT @agar38 @achillean @theprez98 - SHODAN for Penetration Testers slides fr - Video : ESRT @secdocs - Using OpenBSC for fuzzing of GSM handsets - ESRT @helpnetsecurity - Configure Netfilter Shorewall 4.4.7 RC2 released - PS3 hypervisor exploit reproduced - Mozilla Removes Two Malicious Firefox Add-Ons - Wrapping insecure web apps with Apache - Oracle Patches Critical WebLogic Flaw - Directory traversal as a reconnaissance tool - Video : Scanning with the NetChk Configure NIST Policy Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, vulnérabilité, outil, système, audit, virus, internet, données, présentation, linux, metasploit, protocol, bluetooth, vista, shell, scanner, réseaux, rootkit, paquet, trames, source, conférence, téléphone, wishmaster, noyau, engineering, mobile, sysun, https, téléphones, mémoire, patch, intel, botnet, libre, rapport, scapy, reverse, contourner, securitech + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38414 Fedora update for gmime22 - SA38429 Debian update for squid and squid3 - SA38461 Ubuntu update for kernel - SA38476 F5 Products TCP Implementation Denial of Service - SA38377 Fedora update for dokuwiki + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure about jit and dep+aslr - Re: Full-disclosure about jit and dep+aslr - Re: Full-disclosure about jit and dep+aslr - Re: Full-disclosure about jit and dep+aslr + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability - DSECRG-09-065 TVUPlayer PlayerOcx.ocx ActiveX - Insecure method - mongoose Space Character Remote File Disclosure Vulnerability - Suspected SpamVulnerability in Tagcloud for DataLife Engine - Re: Multiple vulnerabilities in XAMPP (advisory #7) - Re: Samba Remote Zero-Day Exploit + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, metasploit, botnet, tutorial, crypt, attack, linux, network, iphone, server, exploit, wimax, conficker, virtu, virtual, engineering, cisco, reverse, ettercap, wireshark, hacker, firewall, knoppix, arduino, internet, rootkit, wireless, source, brucon, backtrack, openbsd, systm, overflow, openssh, conference, buffer, access, remote, defcon + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter