Toshiba ACPI BIOS MBR Boot Order Issue

2005-03-29T22:56:30
ID OSVDB:15734
Type osvdb
Reporter Paul J. Docherty(pjd@portcullis-security.com)
Modified 2005-03-29T22:56:30

Description

Vulnerability Description

Toshiba ACPI BIOS contains a flaw that may allow a local denial of service. The issue is due to an error, which causes the BIOS to only check the first slot in the MBR table for a bootable partition. It is possible for a malicious user to arbitrary specify a different slot in the MBR table, which prevents the system from booting resulting in a loss of availability.

Technical Description

To exploit this flaw, a malicious user must have physical access to the system. With such access, there are a number of attacks that could be carried out against a machine regardless of BIOS type, each of which would prevent the machine from booting. While this may technically be an issue, there are more serious concerns if an attacker is able to gain this type of prolonged physical access without detection.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: prevent unauthorized physical access to the machine.

Short Description

Toshiba ACPI BIOS contains a flaw that may allow a local denial of service. The issue is due to an error, which causes the BIOS to only check the first slot in the MBR table for a bootable partition. It is possible for a malicious user to arbitrary specify a different slot in the MBR table, which prevents the system from booting resulting in a loss of availability.

References:

Vendor URL: http://www.toshibadirect.com/td/b2c/clin.to?rcid=-26367&coid=-26368&ccid=1291021&seg=HHO&sel=0 Security Tracker: 1013593 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111229708208629&w=2 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111229803502643&w=2 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111214319914810&w=2 ISS X-Force ID: 19895 CVE-2005-0963