Sign-up

ID

VAR-200901-0299


CVE

CVE-2009-0066


TITLE

TXT of Intel Vulnerabilities that prevent the integrity of loader integrity in system software

Trust: 0.8

sources: JVNDB: JVNDB-2009-004410

DESCRIPTION

Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Details on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available. Trusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a provided security technology that works with the motherboard chipset supporting Intel vPro commercial technology and Virtual Machine virtual machine software to help protect important system data and prevent it from being attacked

Trust: 1.98

sources: NVD: CVE-2009-0066 // JVNDB: JVNDB-2009-004410 // BID: 33119 // VULHUB: VHN-37512

AFFECTED PRODUCTS

vendor:intelmodel:trusted execution technologyscope:eqversion:_nil_

Trust: 1.6

vendor:intelmodel:trusted execution technologyscope: - version: -

Trust: 0.8

vendor:trustedmodel:boot trusted bootscope:eqversion:20081008

Trust: 0.3

vendor:intelmodel:trusted execution technologyscope:eqversion:0

Trust: 0.3

sources: BID: 33119 // JVNDB: JVNDB-2009-004410 // CNNVD: CNNVD-200901-067 // NVD: CVE-2009-0066

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0066
value: HIGH

Trust: 1.0

NVD: CVE-2009-0066
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200901-067
value: HIGH

Trust: 0.6

VULHUB: VHN-37512
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0066
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37512
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37512 // JVNDB: JVNDB-2009-004410 // CNNVD: CNNVD-200901-067 // NVD: CVE-2009-0066

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-0066

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-067

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200901-067

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-004410

PATCH
title:Trusted Execution Technologyurl:http://www.intel.com/content/www/us/en/trusted-execution-technology/trusted-execution-technology-security-paper.html?wapkw=trusted+execution+technology
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-004410

EXTERNAL IDS
db:NVDid:CVE-2009-0066
Trust: 2.5
db:BIDid:33119
Trust: 2.0
db:JVNDBid:JVNDB-2009-004410
Trust: 0.8
db:CNNVDid:CNNVD-200901-067
Trust: 0.7
db:VULHUBid:VHN-37512
Trust: 0.1
sources:
            
            
            VULHUB: VHN-37512 // 
            
            
            
            BID: 33119 // 
            
            
            
            JVNDB: JVNDB-2009-004410 // 
            
            
            
            CNNVD: CNNVD-200901-067 // 
            
            
            
            NVD: CVE-2009-0066

REFERENCES
url:http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html
Trust: 2.0
url:http://www.securityfocus.com/bid/33119
Trust: 1.7
url:http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#wojtczuk
Trust: 1.7
url:http://invisiblethingslab.com/press/itl-press-2009-01.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0066
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0066
Trust: 0.8
url:http://tboot.sourceforge.net/
Trust: 0.3
url:http://www.intel.com/technology/security/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-37512 // 
            
            
            
            BID: 33119 // 
            
            
            
            JVNDB: JVNDB-2009-004410 // 
            
            
            
            CNNVD: CNNVD-200901-067 // 
            
            
            
            NVD: CVE-2009-0066

CREDITS
Rafal Wojtczuk and Joanna Rutkowska
Trust: 0.9
sources:
            
            
            BID: 33119 // 
            
            
            
            CNNVD: CNNVD-200901-067

SOURCES
db:VULHUBid:VHN-37512
db:BIDid:33119
db:JVNDBid:JVNDB-2009-004410
db:CNNVDid:CNNVD-200901-067
db:NVDid:CVE-2009-0066

LAST UPDATE DATE
2024-11-23T22:43:09.371000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-37512date:2009-01-08T00:00:00
db:BIDid:33119date:2009-01-06T14:22:00
db:JVNDBid:JVNDB-2009-004410date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200901-067date:2009-01-08T00:00:00
db:NVDid:CVE-2009-0066date:2024-11-21T00:58:59.083

SOURCES RELEASE DATE
db:VULHUBid:VHN-37512date:2009-01-07T00:00:00
db:BIDid:33119date:2009-01-05T00:00:00
db:JVNDBid:JVNDB-2009-004410date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200901-067date:2009-01-07T00:00:00
db:NVDid:CVE-2009-0066date:2009-01-07T19:30:00.297