Re: Dell BIOS DoS

To: James Evans <jae7@xxxxxxxxxx>
Subject: Re: Dell BIOS DoS
From: jon schatz <jon@xxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Dec 2003 23:37:58 -0800
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <3FD4D931.7010407@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <3FD4D931.7010407@xxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 MultiZilla/1.5.0.4c

James Evans wrote:

This is not an incredibly serious problem as such, since a user can goback into the BIOS setup and change the password there, provided theBIOS Setup is not protected with an unknown password. Or, as a lastresort, Dell can be phoned to provide a master backdoor password, aslong as the user can prove herself the legal owner of the computer. Ofcourse, the prerequisite of physical access to the machine highlymitigates this vulnerability.


...and once upon a time the default backdoor dell password was "dell".

seriously, bios passwords are worthless. there are numerous ways to getaround them. most motherboards have a jumper that you can set to resetyour cmos / bios (probably misusing one of those terms) to the factorydefaults. or you can just yank the cmos battery out. for your laptop, itmight be a bit trickier, but you can usually get to the jumpersunderneath the keyboard (at least on my old sager you could).


hth.

-jon
--
jon@xxxxxxxxxxxxxxxxxx || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."

Follow-Ups:
- Re: Dell BIOS DoS
  - From: der Mouse
- Re: Dell BIOS DoS
  - From: Steve Shockley

References:
- Dell BIOS DoS
  - From: James Evans

Prev by Date: MDKSA-2003:113 - Updated screen packages fix buffer overflow vulnerability
Next by Date: Multiple Vendor SOAP server (XML parser) attribute blowup DoS
Previous by thread: Dell BIOS DoS
Next by thread: Re: Dell BIOS DoS
Index(es):
- Date
- Thread