ID CVE-2006-6385
Summary Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.
References
Vulnerable Configurations
  • cpe:2.3:h:intel:pro_1000_adapters:*:*:*:*:*:*:*:*
    cpe:2.3:h:intel:pro_1000_adapters:*:*:*:*:*:*:*:*
  • cpe:2.3:h:intel:pro_1000_pcie_adapters:*:*:*:*:*:*:*:*
    cpe:2.3:h:intel:pro_1000_pcie_adapters:*:*:*:*:*:*:*:*
  • cpe:2.3:h:intel:pro_10_100_adapters:*:*:*:*:*:*:*:*
    cpe:2.3:h:intel:pro_10_100_adapters:*:*:*:*:*:*:*:*
  • cpe:2.3:h:intel:pro_10gbe_adapters:*:*:*:*:*:*:*:*
    cpe:2.3:h:intel:pro_10gbe_adapters:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21456
bugtraq 20061207 EEYE: Intel Network Adapter Driver Local Privilege Escalation
cert-vn VU#296681
confirm
misc
mlist [freebsd-security] 20061206 Intel LAN Driver Buffer Overflow Local Privilege Escalation
sectrack 1017346
secunia 23221
sreason 2007
vupen ADV-2006-4871
xf intel-lan-driver-bo(30750)
statements via4
contributor Joshua Bressers
lastmodified 2006-12-08
organization Red Hat
statement Not Vulnerable. eEye Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its OID support. The Linux Kernel drivers do not support the NDIS API and the OID concept from Microsoft Windows.
Last major update 17-10-2018 - 21:48
Published 08-12-2006 - 01:28
Last modified 17-10-2018 - 21:48
Back to Top