PixieFail flaws impact PXE network boot in enterprise systems

A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers.
The flaws sit in the network stack that runs during PXE boot, the standard procedure for loading an operating system image over the network at startup, which data centers and high-performance computing environments rely on to provision machines.
The PixieFail flaws were discovered by Quarkslab researchers and have already been disclosed to impacted vendors through a coordinated effort by CERT/CC and CERT-FR.

PixieFail details
The PixieFail vulnerabilities arise from the IPv6 implementation in the Preboot Execution Environment (PXE) support defined by the UEFI specification.
Booting over IPv6 requires protocols that IPv4 PXE does not, among them DHCPv6, ICMPv6 Neighbor Discovery and IPv6 extension-header parsing, all of which the firmware must handle before any operating system is loaded, so the pre-boot attack surface is larger.
The nine flaws can be exploited by an attacker on the same local network as the booting machine, because the PXE client accepts unauthenticated DHCPv6 and ICMPv6 traffic, and they lead to denial of service, information disclosure, remote code execution, DNS cache poisoning and network session hijacking.
CVE-2023-45229: Improper handling of IA_NA/IA_TA options in DHCPv6 Advertise messages, leading to an integer underflow and out-of-bounds memory access.
CVE-2023-45230: Improper handling of an overly long Server ID option in DHCPv6, allowing a buffer overflow that can lead to remote code execution or a system crash.
CVE-2023-45231: Improper handling of truncated options in Neighbor Discovery Redirect messages, leading to an out-of-bounds read.
CVE-2023-45232: Flaw in IPv6 Destination Options header parsing, where an unknown option triggers an infinite loop, causing a denial of service.
CVE-2023-45233: Infinite loop when parsing the PadN option in the IPv6 Destination Options header, causing a denial of service.
CVE-2023-45234: Buffer overflow when handling the DNS Servers option in a DHCPv6 Advertise message.
CVE-2023-45235: Buffer overflow when handling the Server ID option from a DHCPv6 proxy Advertise message.
CVE-2023-45236: The TCP stack in EDK II generates predictable Initial Sequence Numbers, making connections susceptible to TCP session hijacking.
CVE-2023-45237: Use of a weak pseudo-random number generator throughout the network stack, which also weakens the randomness the other protocols depend on and facilitates various network attacks.
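The option-handling bugs in the list above come down to two parser mistakes: trusting a length field taken from the wire, and a loop over options that does not always advance. The C below is an added example, not EDK II or Quarkslab code; it re-creates both patterns in simplified form, each beside a hardened version, and runs them on constructed packet bytes. The buffer size SERVERID_MAX, the function names and the error codes are hypothetical.

```c
/* Added example, not EDK II or Quarkslab code: simplified re-creations of
 * the two parsing mistakes behind the PixieFail option-handling CVEs, each
 * with a hardened form. Packet bytes are constructed; SERVERID_MAX, the
 * function names and the error codes are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DHCP6_OPT_SERVERID 2
#define SERVERID_MAX 16           /* hypothetical fixed buffer in the client */
#define IP6_OPT_PAD1 0
#define IP6_OPT_PADN 1

enum { OK = 0, E_TRUNC = -1, E_TOOBIG = -2, E_NOTFOUND = -3 };

/* 1. DHCPv6 options (RFC 8415): 16-bit code, 16-bit length, data.
 * The vulnerable pattern of the CVE-2023-45230/-45235 class trusts the
 * on-wire length: memcpy(out, data, olen) with no check that olen fits the
 * destination or even lies inside the packet. Both are checked here. */
int dhcp6_copy_serverid(const uint8_t *opts, size_t len,
                        uint8_t out[SERVERID_MAX], size_t *out_len)
{
    size_t off = 0;
    while (off + 4 <= len) {                     /* full option header present */
        uint16_t code = (uint16_t)((opts[off] << 8) | opts[off + 1]);
        uint16_t olen = (uint16_t)((opts[off + 2] << 8) | opts[off + 3]);
        if (olen > len - off - 4)                /* option body leaves the packet */
            return E_TRUNC;
        if (code == DHCP6_OPT_SERVERID) {
            if (olen > SERVERID_MAX)             /* would overflow `out` */
                return E_TOOBIG;
            memcpy(out, opts + off + 4, olen);
            *out_len = olen;
            return OK;
        }
        off += 4 + olen;
    }
    return off == len ? E_NOTFOUND : E_TRUNC;   /* stray trailing bytes */
}

/* 2. IPv6 Destination Options (RFC 8200 section 4.6): type/length/data TLVs,
 * except Pad1, a single 0x00 byte with no length field. */

/* Two ways a walker fails to advance, in the spirit of CVE-2023-45232/-45233:
 * an unknown type is "skipped" without moving, and the PadN skip is computed
 * in 8 bits so a length of 254 wraps to 0. A loop on this never ends. */
size_t ip6_opt_step_unsafe(const uint8_t *hdr, size_t off)
{
    if (hdr[off] == IP6_OPT_PAD1) return off + 1;
    if (hdr[off] == IP6_OPT_PADN) {
        uint8_t skip = (uint8_t)(hdr[off + 1] + 2);  /* 254 + 2 == 0 in 8 bits */
        return off + skip;
    }
    return off;                                      /* unknown: not advanced */
}

/* Hardened step: every read is bounded and a non-zero result is always > off,
 * so the caller's loop must make progress. Returns 0 on a malformed option
 * (never a valid next offset, since options start at offset 2). Unknown
 * types are skipped; a real stack would honor the type's action bits. */
size_t ip6_opt_step(const uint8_t *hdr, size_t off, size_t end)
{
    if (off >= end) return 0;
    if (hdr[off] == IP6_OPT_PAD1) return off + 1;
    if (off + 2 > end) return 0;                     /* no room for type+length */
    size_t next = off + 2 + hdr[off + 1];            /* PadN and all other TLVs */
    return next <= end ? next : 0;                   /* body must stay inside */
}

/* Whole header: byte 0 is Next Header, byte 1 is Hdr Ext Len in 8-octet units
 * excluding the first 8. Returns the option count (padding included) or -1
 * if malformed or longer than the buffer it sits in. */
int ip6_walk_dest_options(const uint8_t *hdr, size_t buflen)
{
    if (buflen < 8) return -1;
    size_t end = ((size_t)hdr[1] + 1) * 8;
    if (end > buflen) return -1;
    int count = 0;
    for (size_t off = 2; off < end; count++) {
        off = ip6_opt_step(hdr, off, end);
        if (off == 0) return -1;
    }
    return count;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t kDhcp6Good[]  = { 0,8, 0,2, 0x00,0x10,             /* ELAPSED_TIME */
                                0,2, 0,4, 0xde,0xad,0xbe,0xef };  /* SERVERID, 4 bytes */
const uint8_t kDhcp6Trunc[] = { 0,2, 0,0xff, 0xde,0xad,0xbe,0xef }; /* says 255, has 4 */
const uint8_t kDhcp6Big[]   = { 0,2, 0,20, 1,2,3,4,5,6,7,8,9,10,
                                11,12,13,14,15,16,17,18,19,20 };  /* 20 > SERVERID_MAX */
const uint8_t kDestGood[]   = { 59,0, 0x1e,2,0xaa,0xbb, 1,0 };    /* unknown TLV, PadN(0) */
const uint8_t kDestBad[]    = { 59,0, 0x1e,6, 0,0,0,0 };          /* TLV runs past end */
const uint8_t kPadNWrap[]   = { 1,254 };                          /* PadN, length 254 */
uint8_t g_id[SERVERID_MAX]; size_t g_idlen;

int main(void)
{
    int rc = dhcp6_copy_serverid(kDhcp6Good, sizeof kDhcp6Good, g_id, &g_idlen);
    printf("serverid rc=%d len=%zu\n", rc, g_idlen);
    printf("trunc=%d big=%d\n",
           dhcp6_copy_serverid(kDhcp6Trunc, sizeof kDhcp6Trunc, g_id, &g_idlen),
           dhcp6_copy_serverid(kDhcp6Big, sizeof kDhcp6Big, g_id, &g_idlen));
    printf("unsafe step: unknown@2 -> %zu, PadN(254)@0 -> %zu (stuck)\n",
           ip6_opt_step_unsafe(kDestGood, 2), ip6_opt_step_unsafe(kPadNWrap, 0));
    printf("walk good=%d bad=%d\n", ip6_walk_dest_options(kDestGood, sizeof kDestGood),
           ip6_walk_dest_options(kDestBad, sizeof kDestBad));
    return 0;
}
```

The two properties worth carrying into any pre-boot parser are visible in the hardened functions: a length from the network is validated against both the remaining packet and the destination buffer before any copy, and a TLV walker returns an offset strictly greater than the one it was given or an error, never the same offset.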
Of the nine, the most severe are CVE-2023-45230 and CVE-2023-45235: both are buffer overflows reachable through DHCPv6 messages that an attacker can use for code execution in the firmware, before any operating system or endpoint protection is running, and therefore potentially for complete compromise of the system.
Quarkslab has released proof-of-concept scripts that trigger the flaws, which administrators can use to check whether devices on their network are vulnerable.
The PixieFail vulnerabilities impact Tianocore's EDK II UEFI implementation and every vendor firmware that incorporates its NetworkPkg module, which includes major tech companies and BIOS providers, so fixes arrive as firmware updates from each system or BIOS vendor rather than from a single source.
Until those updates are installed, exploitation requires reaching the network segment a machine boots on, so confining PXE clients to an isolated provisioning VLAN and disabling IPv6 network boot where it is not needed limits the exposure.
Although the EDK2 package is included in ChromeOS's source code tree, Google has specified that it is not used in production Chromebooks, which are therefore not impacted by the PixieFail flaws.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 16 Jan 2024 17:20:26 +0000

