[Am-info] Intel D845 Motherboard BIOS Series Arbitrary Boot Media Vulnerability

Mon, 6 May 2002 16:32:26 -0400

The D845 series motherboards are a product of Intel.  These motherboards
are designed to support the Pentium 4 processor.

Under some circumstances, it may be possible for a local user to change
the boot media of a system.  The problem is in the use of special keys.

When a system using a D845 series motherboard is booted, it is possible t=
o
halt the boot to change the boot media, even if a BIOS password is set.
By pressing the F8 key, the D845 BIOS will give a user at the console a
menu.  From this menu, a user may specify a different media than the
default from which the system is to be booted.  Any password set on the
BIOS will be circumvented by this procedure.

The problem makes it possible for a user with local access to the system
to alter the boot configuration.  Additionally, the user may be able to
install new operating systems/software on the system, or other activity.
This problem reportedly affects the D845HV and D845WN model motherboards.

- --=20
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
- --- SuSE Linux v8.0 Pro---

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzW6FoACgkQB9vk4ichYXejDQCeMPODJFhEt5P4CIhaHDyy+pRZ
1FkAoLLKAcx4TR7ChgQoPhE0bEx4I4C4
=3DgOUG
-----END PGP SIGNATURE-----