CVE-2013-3582

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:dell:latitude_d530:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_d531:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_d630:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_d631:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_d830:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e4200:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e4300:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5500:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6400_atg:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6400_atg_xfr:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6500:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_xt2:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_z600:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m2300:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m2400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m4300:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m4400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m6300:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m6400:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_m6500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:53

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/912156 - US Government Resource () http://www.kb.cert.org/vuls/id/912156 - US Government Resource
References () http://www.kb.cert.org/vuls/id/BLUU-99HSLA - US Government Resource () http://www.kb.cert.org/vuls/id/BLUU-99HSLA - US Government Resource
References () https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf - Exploit () https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf - Exploit
References () https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf - Exploit () https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf - Exploit
References () https://www.blackhat.com/us-13/archives.html#Butterworth - () https://www.blackhat.com/us-13/archives.html#Butterworth -

Information

Published : 2013-08-28 13:13

Updated : 2024-11-21 01:53


NVD link : CVE-2013-3582

Mitre link : CVE-2013-3582

CVE.ORG link : CVE-2013-3582


JSON object : View

Products Affected

dell

  • latitude_d530
  • latitude_d631
  • latitude_d630
  • latitude_d531
  • precision_m6300
  • latitude_e4200
  • precision_m2400
  • latitude_e4300
  • precision_m2300
  • precision_m4400
  • precision_m6400
  • precision_m4300
  • latitude_e6400
  • latitude_e6400_atg_xfr
  • latitude_d830
  • latitude_xt2
  • latitude_e6400_atg
  • latitude_e5400
  • latitude_e5500
  • latitude_z600
  • latitude_e6500
  • precision_m6500
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer