Executive Summary
Summary | |
---|---|
Title | Broadcom NetXtreme management firmware ASF buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#512705 | First vendor Publication | 2010-03-25 |
Vendor | VU-CERT | Last vendor Modification | 2010-06-21 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#512705Broadcom NetXtreme management firmware ASF buffer overflowOverviewA buffer overflow vulnerability exists in the Broadcom NetXtreme management firmware. This vulnerability may allow a remote attacker to execute arbitrary code on an affected device.I. DescriptionThe Alert Standard Format (ASF) Specification is a protocol developed by Distributed Management Task Force, Inc. (DMTF) that defines remote control and alerting interfaces for systems and devices when a host operating system is not present. The management firmware supplied with certain Broadcom NetXtreme network adapters supports ASF. A buffer overflow vulnerability exists in certain versions of this firmware when handling malformed ASF version 2.0 RAKP Message 1 packets. Devices with affected versions of the firmware would only be vulnerable if Remote Management and Control Protocol (RMCP) over the RMCP Security-Extensions Protocol (RSP) manageability is enabled. This functionality is typically disabled by default.
Broadcom notes that reliable exploitation of this vulnerability is specific to the device type and firmware version in use on the target system. II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary or chosen code on the embedded management controller or cause the controller to halt operation, resulting in a denial of service.III. SolutionApply an update from the vendorBroadcom has released updated versions of the management firmware for all affected devices to PC OEMs as part of the Broadcom NetXtreme 14.0 software release. Users should consult the Systems Affected section of this document for information about specific OEM vendors.
Referenceshttp://www.ssi.gouv.fr/site_article185.html Thanks to Rob Swindell of Broadcom for reporting this vulnerability. Broadcom credits Loïc Duflot, Yves-Alexis Perez of the French Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) with reporting this issue. This document was written by Chad R Dougherty.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/512705 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63007 | HP Broadcom Integrated NIC Management Firmware Unspecified Arbitrary Code Exe... |
Alert History
Date | Informations |
---|---|
2013-05-11 00:57:09 |
|