The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenBSD: bypassing securelevel via SMM

Synthesis of the vulnerability 

A local administrator can modify securelevel on a Pentium processor.
Vulnerable systems: OpenBSD.
Severity of this threat: 1/4.
Creation date: 19/12/2006.
References of this weakness: CVE-2006-6730, VIGILANCE-VUL-6410.

Description of the vulnerability 

The securelevel parameter indicates the security level of the system. An administrator can only increase this level.

Once the level is raised, the administrator can only read memory via /dev/mem. One exception is the X server, which can use /dev/xf86 to access video addresses (0xA0000 to 0xBFFFF) for reading and writing.

Pentium processors have 4 modes: real address, protected, virtual and SMM (System Management Mode). SMM is privileged and is activated after an SMI hardware interrupt. When this interrupt is received, the context is saved in SMRAM, generally located at address 0xA0000.

A local administrator can use /dev/xf86 to store a handler in SMRAM; the handler modifies securelevel and allows access to all memory. Technical details are provided in the paper.
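
One way to audit a host for the exposure described above, as an added example that is not part of the advisory or of OpenBSD's own code. It assumes the machdep.allowaperture sysctl, which OpenBSD uses to gate the /dev/xf86 aperture driver and which the advisory does not name; the function names, verdict labels and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the /dev/xf86 exposure.
# Assumption: machdep.allowaperture gates the aperture driver; 0 disables
# /dev/xf86, any non-zero value permits access to legacy video memory.

# is_int VALUE: succeed only for an optionally negative decimal integer.
is_int() {
    case "$1" in
        ''|-) return 1 ;;
        -*) set -- "${1#-}" ;;
    esac
    case "$1" in
        *[!0-9]*) return 1 ;;
    esac
    return 0
}

# assess SECURELEVEL ALLOWAPERTURE: print a verdict (labels are hypothetical).
assess() {
    if ! is_int "$1" || ! is_int "$2"; then
        echo "unknown"; return 2          # value missing or not numeric
    fi
    if [ "$2" -eq 0 ]; then
        echo "aperture-disabled"          # /dev/xf86 cannot be opened
    elif [ "$1" -ge 1 ]; then
        # securelevel is raised, yet 0xA0000-0xBFFFF stays writable via /dev/xf86
        echo "securelevel-bypass-exposure"
    else
        # securelevel <= 0 does not restrict the administrator in the first place
        echo "aperture-enabled-insecure-mode"
    fi
}

# audit_host: read the live values; meant to be called on an OpenBSD host.
audit_host() {
    sl=$(sysctl -n kern.securelevel 2>/dev/null) || sl=
    ap=$(sysctl -n machdep.allowaperture 2>/dev/null) || ap=
    assess "$sl" "$ap"
}

# Constructed sample values (securelevel allowaperture), not real host data.
for pair in "1 2" "1 0" "-1 1" "2 1"; do
    set -- $pair
    printf 'securelevel=%s allowaperture=%s -> %s\n' "$1" "$2" "$(assess "$1" "$2")"
done
```

On an OpenBSD machine, call audit_host instead of the sample loop; a host that does not run X can keep the aperture disabled so the securelevel restriction on memory writes has no /dev/xf86 exception.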

This security threat impacts software or systems such as OpenBSD.

Our Vigil@nce team determined that the severity of this computer weakness is low.

The trust level is "confirmed by a trusted third party", and the origin is a user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

