[NEWS] Security Vulnerability in ECS-K7S5A(L) Boards

From: support@securiteam.com
Date: 06/01/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sat,  1 Jun 2002 23:13:42 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Security Vulnerability in ECS-K7S5A(L) Boards
------------------------------------------------------------------------

SUMMARY

The administrator-password set in the BIOS of the
<http://www.ecs.com.tw/products/k7s5a.htm> K7S5A(L) locks out BIOS-access
from the console. However, it does not disable access to the boot-menu.
Even though the system is configured to boot from hard drive only, and has
an admin-password set, someone with physical access to the system can
still boot from floppy or CD using the boot-menu.

DETAILS

Vulnerable systems:
 * All K7S5AL-boards, confirmed up to BIOS V.02/02/06

Impact:
Any person with physical access to the machine can reboot from a removable
medium (introduced by him-self). By doing this, authentication mechanisms
on the machine can be bypassed, compromising the data on the system and
the system itself.

Working from this compromised system with e.g. root/admin access can
threaten the rest of a network, depending on the architecture and
authentication mechanisms.

Workaround:
None at this moment, restrict physical access to the console where
possible.

Vendor status:
The vendor has been notified on the 30 April.

ADDITIONAL INFORMATION

The information has been provided by <mailto:unixmafia@flashmail.com> Guy
Van Sanden.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [UNIX] ProBoards Forums Contains a XXS Vulnerability
    ... A user viewing the post would see a popup message containing his cookie. ... Vendor was notified and the vulnerability was fixed almost immediately. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NT] Macromedia Sitespring Cross-Site Scripting
    ... The vendor was notified on 16 April 2002. ... Replace the error script with a custom error page. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [UNIX] Sun AnswerBook2 Gettransbitmap Buffer Overflow Vulnerability
    ... there are no vendor patches available. ... Otherwise, disable AnswerBook2. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [UNIX] IcrediBB Contains a Cross Site Scripting Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vendor has been notified of all issues discussed. ... This bulletin is sent to members of the SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [UNIX] Integer overflow in PHP array_pad() function
    ... execute PHP commands to gain administrative privileges. ... Vendor was contacted. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)