[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation
- To: Josh Bressers <bressers@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] EEYE: Intel Network Adapter Driver Local Privilege Escalation
- From: "Randal T. Rioux" <randy@xxxxxxxxxxxxxxx>
- Date: Tue, 12 Dec 2006 06:39:37 -0500
Josh Bressers wrote:
>> eEye Research - http://research.eeye.com
>>
>> Intel Network Adapter Driver Local Privilege Escalation
>>
>> Release Date:
>> December 7, 2006
>>
>> Date Reported:
>> July 10, 2006
>>
>> Severity:
>> Medium (Local Privilege Escalation to Kernel)
>>
>> Systems Affected:
>> Windows 2000, XP, 2003, Vista
>> Intel PRO 10/100 - 8.0.27.0 or previous
>> Intel PRO/1000 - 8.7.1.0 or previous
>> Intel PRO/1000 PCI - 9.1.30.0 or previous
>> Linux
>> Intel PRO 10/100 - 3.5.14 or previous
>> Intel PRO/1000 - 7.2.7 or previous
>> Intel PRO/10GbE - 1.0.109 or previous
>> UnixWare/SCO6
>> Intel PRO 10/100 - 4.0.3 or previous
>> Intel PRO/1000 - 9.0.15 or previous
>
> It's worth noting that this advisory is misleading. This flaw does not
> affect the Linux drivers. The Linux drivers do not support the NDIS API
> and the OID concept that Windows does.
>
Thanks for the confirmation... I thought I had gone mad for a bit there.
It just didn't sound right. The version numbers threw me off. Does
anyone know how these specific Linux driver version numbers were determined?
Randy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/