[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Dec 2006 06:39:37 -0500
From: "Randal T. Rioux" <randy@...cyonlabs.com>
To: Josh Bressers <bressers@...hat.com>
Cc: Full-Disclosure@...ts.grok.org.uk
Subject: Re: EEYE: Intel Network Adapter Driver
Local Privilege Escalation
Josh Bressers wrote:
>> eEye Research - http://research.eeye.com
>>
>> Intel Network Adapter Driver Local Privilege Escalation
>>
>> Release Date:
>> December 7, 2006
>>
>> Date Reported:
>> July 10, 2006
>>
>> Severity:
>> Medium (Local Privilege Escalation to Kernel)
>>
>> Systems Affected:
>> Windows 2000, XP, 2003, Vista
>> Intel PRO 10/100 - 8.0.27.0 or previous
>> Intel PRO/1000 - 8.7.1.0 or previous
>> Intel PRO/1000 PCI - 9.1.30.0 or previous
>> Linux
>> Intel PRO 10/100 - 3.5.14 or previous
>> Intel PRO/1000 - 7.2.7 or previous
>> Intel PRO/10GbE - 1.0.109 or previous
>> UnixWare/SCO6
>> Intel PRO 10/100 - 4.0.3 or previous
>> Intel PRO/1000 - 9.0.15 or previous
>
> It's worth noting that this advisory is misleading. This flaw does not
> affect the Linux drivers. The Linux drivers do not support the NDIS API
> and the OID concept that Windows does.
>
Thanks for the confirmation... I thought I had gone mad for a bit there.
It just didn't sound right. The version numbers threw me off. Does
anyone know how these specific Linux driver version numbers were determined?
Randy
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists