Required CVE Record Information
Description
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.
References 21 Total
- http://pacsec.jp/advisories.html
- securityfocus.com: 20080310 RE: [Full-disclosure] Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080305 RE: Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080305 Firewire Attack on Windows Vista mailing-list
- http://it.slashdot.org/article.pl?sid=08/03/04/1258210
- marc.info: 20041026 pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security mailing-list
- securityfocus.com: 20080308 Re: [Full-disclosure] Firewire Attack on Windows Vista mailing-list
- exchange.xforce.ibmcloud.com: firewire-ieee1394-interface-installed(18041) vdb-entry
- http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf
- securityfocus.com: 20080308 RE: [Full-disclosure] Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080307 Re: Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080309 Re: [Full-disclosure] Firewire Attack on Windows Vista mailing-list
- http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf
- securityfocus.com: 20080306 Re: Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080305 Re: Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080306 RE: Firewire Attack on Windows Vista mailing-list
- securityfocus.com: 20080310 Re: [Full-disclosure] Firewire Attack on Windows Vista mailing-list
- http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf
- http://storm.net.nz/projects/16
- http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html
- securityfocus.com: 20080309 Re: Firewire Attack on Windows Vista mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 21 Total
- http://pacsec.jp/advisories.html x_transferred
- securityfocus.com: 20080310 RE: [Full-disclosure] Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080305 RE: Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080305 Firewire Attack on Windows Vista mailing-listx_transferred
- http://it.slashdot.org/article.pl?sid=08/03/04/1258210 x_transferred
- marc.info: 20041026 pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security mailing-listx_transferred
- securityfocus.com: 20080308 Re: [Full-disclosure] Firewire Attack on Windows Vista mailing-listx_transferred
- exchange.xforce.ibmcloud.com: firewire-ieee1394-interface-installed(18041) vdb-entryx_transferred
- http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf x_transferred
- securityfocus.com: 20080308 RE: [Full-disclosure] Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080307 Re: Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080309 Re: [Full-disclosure] Firewire Attack on Windows Vista mailing-listx_transferred
- http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf x_transferred
- securityfocus.com: 20080306 Re: Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080305 Re: Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080306 RE: Firewire Attack on Windows Vista mailing-listx_transferred
- securityfocus.com: 20080310 Re: [Full-disclosure] Firewire Attack on Windows Vista mailing-listx_transferred
- http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf x_transferred
- http://storm.net.nz/projects/16 x_transferred
- http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html x_transferred
- securityfocus.com: 20080309 Re: Firewire Attack on Windows Vista mailing-listx_transferred