{"vuid":"VU#912156","idnumber":"912156","name":"Dell BIOS in some Latitude laptops and Precision Mobile Workstations vulnerable to buffer overflow","keywords":["Dell","BIOS","flashing","buffer overflow","Latitude","Precision","laptop","workstation","CVE-2013-3582"],"overview":"Dell BIOS in some older Latitude laptops and Precision Mobile Workstations are vulnerable to buffer overflows (CWE-119), which can bypass the signed BIOS enforcement standard.","clean_desc":"CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer Dell BIOS in some older Latitude laptops and Precision Mobile Workstations is vulnerable to buffer overflows in the rbu_packet.pktNum and rbu_packet.pktSize values. These values can be set by an attacker while performing an illegitimate BIOS update. The BIOS reads these values when reconstructing the BIOS image, before any signature check occurs. More information is available from the BIOS Security presentation at Black Hat USA 2013.","impact":"By convincing a user with root or administrative privileges to execute a malicious BIOS update, an attacker can bypass the signed BIOS enforcement to install an arbitrary BIOS image that could contain a rootkit or malicious code that persists across operating system re-installations and official BIOS updates.","resolution":"Apply an Update Dell has released updated BIOS versions for the affected Latitude and Precision systems that can be downloaded from their support site. Dell has provided the following list of fixed BIOS versions: Dell System Released Rev Latitude D530 8/22/2013 A12\nLatitude D531 7/16/2013 A12\nLatitude D630 7/16/2013 A19\nLatitude D631 7/26/2013 A12\nLatitude D830 7/16/2013 A17\nPrecision M2300 7/16/2013 A11\nPrecision M4300 7/16/2013 A17\nPrecision M6300 7/16/2013 A15\nLatitude E5400 7/16/2013 A19\nLatitude E5500 7/16/2013 A19\nLatitude E4200 7/16/2013 A24\nLatitude E4300 7/16/2013 A26\nLatitude E6400 7/16/2013 A34\nLatitude E6400 ATG 7/16/2013 A34\nLatitude E6400 / ATG / XFR 7/16/2013 A34\nLatitude XT2 7/18/2013 A15\nLatitude E6500 7/16/2013 A29\nLatitude Z600 7/16/2013 A11\nPrecision M2400 7/16/2013 A28\nPrecision M4400 7/16/2013 A29\nPrecision M6400 7/16/2013 A13\nPrecision M6500 7/18/2013 A10","workarounds":"","sysaffected":"","thanks":"Thanks to \nCorey Kallenberg, John Butterworth, and Xeno Kovah of the MITRE Corporation for reporting this vulnerability. Thanks also to Rick Martinez from Dell.","author":"This document was written by Adam Rauf.","public":["https://www.blackhat.com/us-13/archives.html#Butterworth","http://www.mitre.org/work/cybersecurity/blog/cyber_tools_butterworth.html","http://support.dell.com/"],"cveids":["CVE-2013-3582"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-02-28T18:39:09Z","publicdate":"2013-08-15T00:00:00Z","datefirstpublished":"2013-08-15T13:12:58Z","dateupdated":"2013-08-22T18:39:02Z","revision":55,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.2","cvss_basevector":"AV:L/AC:H/Au:N/C:C/I:C/A:C","cvss_temporalscore":"4.9","cvss_environmentalscore":"3.7","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}