Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/912156 | US Government Resource |
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf | Exploit |
http://www.kb.cert.org/vuls/id/BLUU-99HSLA | US Government Resource |
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf | Exploit |
https://www.blackhat.com/us-13/archives.html#Butterworth |
Information
Published : 2013-08-28 06:13
Updated : 2013-10-07 11:04
NVD link : CVE-2013-3582
Mitre link : CVE-2013-3582
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
dell
- latitude_e6500
- latitude_e6400_atg
- latitude_e6400_atg_xfr
- latitude_d530
- precision_m2300
- latitude_e4200
- latitude_e4300
- precision_m6400
- precision_m6500
- precision_m2400
- precision_m4400
- latitude_z600
- latitude_d531
- latitude_d630
- latitude_e5500
- latitude_d830
- latitude_e6400
- precision_m4300
- latitude_e5400
- precision_m6300
- latitude_xt2
- latitude_d631