QwikSec

Security Database

CVE

CWE

Training

CVE-2004-1038

Published: Nov 16, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://pacsec.jp/advisories.html

x_refsource_MISC

20080310 RE: [Full-disclosure] Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080305 RE: Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080305 Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

http://it.slashdot.org/article.pl?sid=08/03/04/1258210

x_refsource_MISC

20041026 pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security

mailing-list

x_refsource_BUGTRAQ

20080308 Re: [Full-disclosure] Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

firewire-ieee1394-interface-installed(18041)

vdb-entry

x_refsource_XF

http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf

x_refsource_MISC

20080308 RE: [Full-disclosure] Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080307 Re: Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080309 Re: [Full-disclosure] Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf

x_refsource_MISC

20080306 Re: Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080305 Re: Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080306 RE: Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

20080310 Re: [Full-disclosure] Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf

x_refsource_MISC

http://storm.net.nz/projects/16

x_refsource_MISC

http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html

x_refsource_MISC

20080309 Re: Firewire Attack on Windows Vista

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.