VAR-200901-0299
Vulnerability from variot - Updated: 2023-12-18 13:30Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Details on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available. Trusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a provided security technology that works with the motherboard chipset supporting Intel vPro commercial technology and Virtual Machine virtual machine software to help protect important system data and prevent it from being attacked
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200901-0299",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "_nil_"
},
{
"model": "trusted execution technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "boot trusted boot",
"scope": "eq",
"trust": 0.3,
"vendor": "trusted",
"version": "20081008"
},
{
"model": "trusted execution technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "33119"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:trusted_execution_technology:_nil_:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0066"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafal Wojtczuk and Joanna Rutkowska",
"sources": [
{
"db": "BID",
"id": "33119"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
],
"trust": 0.9
},
"cve": "CVE-2009-0066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-0066",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-37512",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-0066",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-067",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-37512",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37512"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. \nDetails on these issues are scheduled to be released at the BlackHat Security Conference on February 16-17, 2009. We will update this BID as more information becomes available. \nTrusted Boot 20081008 is affected; additional applications using TXT may also be affected. Intel Trusted Execution Technology is a provided security technology that works with the motherboard chipset supporting Intel vPro commercial technology and Virtual Machine virtual machine software to help protect important system data and prevent it from being attacked",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"db": "BID",
"id": "33119"
},
{
"db": "VULHUB",
"id": "VHN-37512"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-0066",
"trust": 2.5
},
{
"db": "BID",
"id": "33119",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-37512",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37512"
},
{
"db": "BID",
"id": "33119"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"id": "VAR-200901-0299",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-37512"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:30:22.766000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Trusted Execution Technology",
"trust": 0.8,
"url": "http://www.intel.com/content/www/us/en/trusted-execution-technology/trusted-execution-technology-security-paper.html?wapkw=trusted+execution+technology"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/33119"
},
{
"trust": 1.7,
"url": "http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#wojtczuk"
},
{
"trust": 1.7,
"url": "http://invisiblethingslab.com/press/itl-press-2009-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0066"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0066"
},
{
"trust": 0.3,
"url": "http://tboot.sourceforge.net/"
},
{
"trust": 0.3,
"url": "http://www.intel.com/technology/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37512"
},
{
"db": "BID",
"id": "33119"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-37512"
},
{
"db": "BID",
"id": "33119"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-07T00:00:00",
"db": "VULHUB",
"id": "VHN-37512"
},
{
"date": "2009-01-05T00:00:00",
"db": "BID",
"id": "33119"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"date": "2009-01-07T19:30:00.297000",
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"date": "2009-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-37512"
},
{
"date": "2009-01-06T14:22:00",
"db": "BID",
"id": "33119"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-004410"
},
{
"date": "2009-01-08T05:00:00",
"db": "NVD",
"id": "CVE-2009-0066"
},
{
"date": "2009-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TXT of Intel Vulnerabilities that prevent the integrity of loader integrity in system software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-004410"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-067"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…