Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/912156 | US Government Resource |
http://www.kb.cert.org/vuls/id/BLUU-99HSLA | US Government Resource |
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf | Exploit |
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf | Exploit |
https://www.blackhat.com/us-13/archives.html#Butterworth | |
http://www.kb.cert.org/vuls/id/912156 | US Government Resource |
http://www.kb.cert.org/vuls/id/BLUU-99HSLA | US Government Resource |
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf | Exploit |
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf | Exploit |
https://www.blackhat.com/us-13/archives.html#Butterworth |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/912156 - US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/BLUU-99HSLA - US Government Resource | |
References | () https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf - Exploit | |
References | () https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf - Exploit | |
References | () https://www.blackhat.com/us-13/archives.html#Butterworth - |
Information
Published : 2013-08-28 13:13
Updated : 2024-11-21 01:53
NVD link : CVE-2013-3582
Mitre link : CVE-2013-3582
CVE.ORG link : CVE-2013-3582
JSON object : View
Products Affected
dell
- latitude_d530
- latitude_d631
- latitude_d630
- latitude_d531
- precision_m6300
- latitude_e4200
- precision_m2400
- latitude_e4300
- precision_m2300
- precision_m4400
- precision_m6400
- precision_m4300
- latitude_e6400
- latitude_e6400_atg_xfr
- latitude_d830
- latitude_xt2
- latitude_e6400_atg
- latitude_e5400
- latitude_e5500
- latitude_z600
- latitude_e6500
- precision_m6500
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer