[Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation
Randal T. Rioux
randy at procyonlabs.com
Tue Dec 12 11:39:37 GMT 2006
Josh Bressers wrote:
>> eEye Research - http://research.eeye.com
>>
>> Intel Network Adapter Driver Local Privilege Escalation
>>
>> Release Date:
>> December 7, 2006
>>
>> Date Reported:
>> July 10, 2006
>>
>> Severity:
>> Medium (Local Privilege Escalation to Kernel)
>>
>> Systems Affected:
>> Windows 2000, XP, 2003, Vista
>> Intel PRO 10/100 - 8.0.27.0 or previous
>> Intel PRO/1000 - 8.7.1.0 or previous
>> Intel PRO/1000 PCI - 9.1.30.0 or previous
>> Linux
>> Intel PRO 10/100 - 3.5.14 or previous
>> Intel PRO/1000 - 7.2.7 or previous
>> Intel PRO/10GbE - 1.0.109 or previous
>> UnixWare/SCO6
>> Intel PRO 10/100 - 4.0.3 or previous
>> Intel PRO/1000 - 9.0.15 or previous
>
> It's worth noting that this advisory is misleading. This flaw does not
> affect the Linux drivers. The Linux drivers do not support the NDIS API
> and the OID concept that Windows does.
>
Thanks for the confirmation... I thought I had gone mad for a bit there.
It just didn't sound right. The version numbers threw me off. Does
anyone know how these specific Linux driver version numbers were determined?
Randy
Full-Disclosure is hosted and sponsored by Secunia.