Full Disclosure mailing list archives
Re: EEYE: Intel Network Adapter Driver Local Privilege Escalation
From: "Randal T. Rioux" <randy () procyonlabs com>
Date: Tue, 12 Dec 2006 06:39:37 -0500
Josh Bressers wrote:
eEye Research - http://research.eeye.com Intel Network Adapter Driver Local Privilege Escalation Release Date: December 7, 2006 Date Reported: July 10, 2006 Severity: Medium (Local Privilege Escalation to Kernel) Systems Affected: Windows 2000, XP, 2003, Vista Intel PRO 10/100 - 8.0.27.0 or previous Intel PRO/1000 - 8.7.1.0 or previous Intel PRO/1000 PCI - 9.1.30.0 or previous Linux Intel PRO 10/100 - 3.5.14 or previous Intel PRO/1000 - 7.2.7 or previous Intel PRO/10GbE - 1.0.109 or previous UnixWare/SCO6 Intel PRO 10/100 - 4.0.3 or previous Intel PRO/1000 - 9.0.15 or previousIt's worth noting that this advisory is misleading. This flaw does not affect the Linux drivers. The Linux drivers do not support the NDIS API and the OID concept that Windows does.
Thanks for the confirmation... I thought I had gone mad for a bit there. It just didn't sound right. The version numbers threw me off. Does anyone know how these specific Linux driver version numbers were determined? Randy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- EEYE: Intel Network Adapter Driver Local Privilege Escalation eEye Advisories (Dec 07)
- Re: EEYE: Intel Network Adapter Driver Local Privilege Escalation Josh Bressers (Dec 08)
- Re: EEYE: Intel Network Adapter Driver Local Privilege Escalation Randal T. Rioux (Dec 12)
- Re: EEYE: Intel Network Adapter Driver Local Privilege Escalation Josh Bressers (Dec 08)