Re: Intel D845HV/WN/PT series motherboard vulnerability

From: Dave Oliver (bugtraqat_private)
Date: Fri May 03 2002 - 06:22:37 PDT

    In-Reply-To: <20020425131055.15795.qmailat_private>
    
    Intel have now released a new BIOS for each of the affected 
    boards.
    
    Please go to the appropriate URL to download the update:
    
    http://developer.intel.com/design/motherbd/hv/hv_bios.htm
    http://developer.intel.com/design/motherbd/bg/bg_bios.htm
    http://developer.intel.com/design/motherbd/wn/wn_bios.htm
    http://developer.intel.com/design/motherbd/pt/pt_bios.htm
    
    On each of the pages, you will find release notes that 
    explain the fix implemented.
    
    
    ---Original message---
    >Subject: Intel D845HV/WN/PT series motherboard vulnerability
    >
    >Affected systems:
    >
    >Intel D845HV / WN (tested on BIOS revisions P05-0022,
    >P09-0035, P10-0038)
    >and D845PT (tested on BIOS P01-0012) Pentium 4 motherboards
    >
    >Problem:
    >
    >If the user hits the F8 key during the POST they are
    >presented with a "Please select boot device" dialog,
    >enabling them to boot off of any bootable device in the PC
    >(FDD, HDD, CDROM, Network, etc).
    >
    >This dialog is obtainable regardless of whether a Supervisor
    >password has been set in the BIOS, and the "User Access
    >Level" does not affect the user's ability to boot from an
    >alternate device.
    >
    >This is obviously a concern to any administrator who doesn't
    >want users to be able to boot from an alternate device, as
    >this could enable different software / OS to be installed,
    >it enables boot sector viral infection, and can also give
    >the user better access to the PC's file system.
    >
    >Workaround: (Untested by author on D845PT, tested and
    >working on HV / WN)
    >
    >To stop the user from being able to boot off of alternate
    >devices, follow this procedure:
    >
    >Set a Supervisor password in the BIOS, and set the User
    >access level to "No Access"
    >
    >In the BOOT options, Boot Device Priority, disable
    >everything except the Hard Disk (as you normally would).
    >
    >In the Removable Drives and ATAPI CD-ROM Drives option,
    >disable all shown devices. Also disable any other hard
    >drives which may be in the PC (other than the one you want
    >to boot from).
    >
    >Save and Exit.
    >
    >The user can still press F8, and get the boot option
    >dialogue with all available devices listed, but regardless
    >of which device they select the PC will boot from the hard disk.
    >
    >Intel are working on a new BIOS release which will
    >completely remove (or allow you to disable) the F8 option.
    >
    >
    >Thanks to Intel & Viglen.co.uk for the workaround.
    >
    >
    



    This archive was generated by hypermail 2b30 : Fri May 03 2002 - 12:51:53 PDT