SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Intel *45 *35 chipset - txt attack


Arrow  SecurityAlert : 6877
Arrow  CVE : CVE-2009-4419
Arrow  CWE : CWE-16
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : No
Arrow  Local Exploit : Yes
Arrow  Victim interaction required : No
Arrow  Exploit Available : No
Arrow  Credit : Joanna Rutkowska
Arrow  Published : 26.12.2009

Arrow  Affected Hardware : intel:q35_chipset
intel:gm45_chipset
intel:pm45_express_chipset
intel:q45_chipset
intel:q43_express_chipset



Arrow  Advisory Content :  

Another TXT Attack
Earlier this year our team has presented an attack against Intel TXT that
exploited a design problem with SMM mode being over privileged on PC
platforms and able to interfere with the SENTER instruction. The Intel
response was two-fold: to patch the SMM implementation bugs we used for the
attack (this patch was for both the NVACPI SMM attacks, as well as for the
SMM caching attack), and also to start (intensify?) working on STM
specification, that is, we heard, planned to be published sometime in the
near future. STM is a thin hypervisor concept that is supposed to provide
protection against (potentially) malicious SMMs.

Today we present a totally different attack that allows an attacker to
trick the SENTER instruction into misconfiguring the VT-d engine, so that
it doesn’t protect the newly loaded hypervisor or kernel. This attack
exploits an implementation flaw in a SINIT AC module. This new attack also
allows for full TXT circumvention, using a software-only attack. This
attack doesn't require any SMM bugs to succeed and is totally independent
from the previous one.

Arrow  References :

http://xforce.iss.net/xforce/xfdb/54963
http://www.vupen.com/english/advisories/2009/3618
http://www.securitytracker.com/id?1023382
http://www.securityfocus.com/bid/37430
http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr
http://secunia.com/advisories/37900
http://osvdb.org/61248
http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.