var-200901-0299
Vulnerability from variot
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Details on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available. Trusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a provided security technology that works with the motherboard chipset supporting Intel vPro commercial technology and Virtual Machine virtual machine software to help protect important system data and prevent it from being attacked
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0299", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "trusted execution technology", "scope": "eq", "trust": 1.6, "vendor": "intel", "version": "_nil_" }, { "model": "trusted execution technology", "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": "boot trusted boot", "scope": "eq", "trust": 0.3, "vendor": "trusted", "version": "20081008" }, { "model": "trusted execution technology", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "0" } ], "sources": [ { "db": "BID", "id": "33119" }, { "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "db": "CNNVD", "id": "CNNVD-200901-067" }, { "db": "NVD", "id": "CVE-2009-0066" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:intel:trusted_execution_technology", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004410" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rafal Wojtczuk and Joanna Rutkowska", "sources": [ { "db": "BID", "id": "33119" }, { "db": "CNNVD", "id": "CNNVD-200901-067" } ], "trust": 0.9 }, "cve": "CVE-2009-0066", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CVE-2009-0066", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "VHN-37512", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-0066", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2009-0066", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-200901-067", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-37512", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-37512" }, { "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "db": "CNNVD", "id": "CNNVD-200901-067" }, { "db": "NVD", "id": "CVE-2009-0066" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. \nDetails on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available. \nTrusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a provided security technology that works with the motherboard chipset supporting Intel vPro commercial technology and Virtual Machine virtual machine software to help protect important system data and prevent it from being attacked", "sources": [ { "db": "NVD", "id": "CVE-2009-0066" }, { "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "db": "BID", "id": "33119" }, { "db": "VULHUB", "id": "VHN-37512" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0066", "trust": 2.5 }, { "db": "BID", "id": "33119", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2009-004410", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200901-067", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-37512", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-37512" }, { "db": "BID", "id": "33119" }, { "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "db": "CNNVD", "id": "CNNVD-200901-067" }, { "db": "NVD", "id": "CVE-2009-0066" } ] }, "id": "VAR-200901-0299", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-37512" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:43:09.371000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Trusted Execution Technology", "trust": 0.8, "url": "http://www.intel.com/content/www/us/en/trusted-execution-technology/trusted-execution-technology-security-paper.html?wapkw=trusted+execution+technology" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004410" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-0066" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/33119" }, { "trust": 1.7, "url": "http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#wojtczuk" }, { "trust": 1.7, "url": "http://invisiblethingslab.com/press/itl-press-2009-01.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0066" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0066" }, { "trust": 0.3, "url": "http://tboot.sourceforge.net/" }, { "trust": 0.3, "url": "http://www.intel.com/technology/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-37512" }, { "db": "BID", "id": "33119" }, { "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "db": "CNNVD", "id": "CNNVD-200901-067" }, { "db": "NVD", "id": "CVE-2009-0066" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-37512" }, { "db": "BID", "id": "33119" }, { "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "db": "CNNVD", "id": "CNNVD-200901-067" }, { "db": "NVD", "id": "CVE-2009-0066" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-01-07T00:00:00", "db": "VULHUB", "id": "VHN-37512" }, { "date": "2009-01-05T00:00:00", "db": "BID", "id": "33119" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "date": "2009-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-067" }, { "date": "2009-01-07T19:30:00.297000", "db": "NVD", "id": "CVE-2009-0066" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-01-08T00:00:00", "db": "VULHUB", "id": "VHN-37512" }, { "date": "2009-01-06T14:22:00", "db": "BID", "id": "33119" }, { "date": "2012-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-004410" }, { "date": "2009-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-067" }, { "date": "2024-11-21T00:58:59.083000", "db": "NVD", "id": "CVE-2009-0066" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-067" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "TXT of Intel Vulnerabilities that prevent the integrity of loader integrity in system software", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-004410" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-067" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.