[Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation
Josh Bressers
bressers at redhat.com
Sat Dec 9 01:21:37 GMT 2006
> eEye Research - http://research.eeye.com
>
> Intel Network Adapter Driver Local Privilege Escalation
>
> Release Date:
> December 7, 2006
>
> Date Reported:
> July 10, 2006
>
> Severity:
> Medium (Local Privilege Escalation to Kernel)
>
> Systems Affected:
> Windows 2000, XP, 2003, Vista
> Intel PRO 10/100 - 8.0.27.0 or previous
> Intel PRO/1000 - 8.7.1.0 or previous
> Intel PRO/1000 PCI - 9.1.30.0 or previous
> Linux
> Intel PRO 10/100 - 3.5.14 or previous
> Intel PRO/1000 - 7.2.7 or previous
> Intel PRO/10GbE - 1.0.109 or previous
> UnixWare/SCO6
> Intel PRO 10/100 - 4.0.3 or previous
> Intel PRO/1000 - 9.0.15 or previous
It's worth noting that this advisory is misleading. This flaw does not
affect the Linux drivers. The Linux drivers do not support the NDIS API
and the OID concept that Windows does.
--
Josh Bressers // Red Hat Security Response Team
Full-Disclosure is hosted and sponsored by Secunia.