CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
54.8%
A design error in the IEEE1394 specification allows attackers with physical
access to a device to read and write to sensitive memory using a modified
FireWire/IEEE 1394 client, thus bypassing intended restrictions that would
normally require greater degrees of physical access to exploit. NOTE: this
was reported in 2008 to affect Windows Vista, but some Linux-based
operating systems have protection mechanisms against this attack.
Author | Note |
---|---|
kees | This is a physical design issue with Firewire. It can be mitigated via setting “options ohci1394 phys_dma=0” in a /etc/modprobe.d/ file, though this will greatly reduce the speed of your Firewire. |