
smm-escalate.txt

Posted on 11 August 2009
Source: packetstormsecurity.org


Numerous System Management Mode (SMM) privilege escalation
vulnerabilities in ASUS motherboards including Eee PC series


Release Date:
~~~~~~~~~~~~~
07.08.09


Timeline:
~~~~~~~~~
March 08, 2009: first attempt to contact vendor, no response
March 16, 2009: second attempt to contact vendor, no response
July 18, 2009: CERT contacted, full details of vulnerabilities
disclosed to CERT and to the vendor
July 21, 2009: CERT assigned VU#576329
August 07, 2009: public disclosure


Severity:
~~~~~~~~~
Privilege Escalation and Code Execution in System Management Mode


Vendor:
~~~~~~~
ASUS (www.asus.com)


Systems Affected:
~~~~~~~~~~~~~~~~~
ASUS EeePC series
ASUS P5* series
ASUS B50A series
ASUS P6T series
other systems not tested


Overview:
~~~~~~~~~
BIOS firmware on ASUS motherboards, including the Eee PC series, is
affected by System Management Mode (SMM) privilege escalation
vulnerabilities.

The vulnerabilities allow an attacker with access to physical memory
and port I/O to run arbitrary code, such as rootkit code, in SMM memory
with SMM privileges.

Running arbitrary code with SMM privileges enables SMM rootkits and
circumvents operating system and Virtual Machine Monitor (VMM)
protections.


Details:
~~~~~~~~

The BIOS firmware on a motherboard contains special code with multiple
SMI handlers that run in System Management Mode and are loaded at
boot time into a protected part of RAM (SMRAM).

Below is a disassembly of the $SMISS handler, one of the SMI handlers
in the BIOS firmware of an ASUS Eee PC 1000HE system.

0003F073: 50 push ax
0003F074: B4A1 mov ah,0A1
** 0003F076: 9A197D00F0 call 0F000:07D19
0003F07B: 2404 and al,004
0003F07D: 7414 je 00003F093
0003F07F: B434 mov ah,034
** 0003F081: 9A708000F0 call 0F000:08070
0003F086: 2410 and al,010
0003F088: 7409 je 00003F093
0003F08A: B430 mov ah,030
** 0003F08C: 9A708000F0 call 0F000:08070
0003F091: 2410 and al,010
0003F093: 3C01 cmp al,001
0003F095: 58 pop ax
0003F096: CB retf

0003F097: 0E push cs
0003F098: E8D8FF call 00003F073
0003F09B: B80100 mov ax,00001
0003F09E: 0F82C500 jb 00003F167
0003F0A2: B81034 mov ax,03410
** 0003F0A5: 9A7B8000F0 call 0F000:0807B
0003F0AA: B81030 mov ax,03010
** 0003F0AD: 9AAF8000F0 call 0F000:080AF
0003F0B2: 80265601FC and b,[0156],0FC
0003F0B7: 33DB xor bx,bx
0003F0B9: B88083 mov ax,08380
** 0003F0BC: 9A89A100F0 call 0F000:0A189
** 0003F0C1: 9AE0BD00F0 call 0F000:0BDE0
0003F0C6: 3C04 cmp al,004
0003F0C8: 750B jne 00003F0D5
0003F0CA: BB5400 mov bx,00054
0003F0CD: B88083 mov ax,08380
** 0003F0D0: 9A89A100F0 call 0F000:0A189
** 0003F0D5: 9AD0BD00F0 call 0F000:0BDD0
0003F0DA: 7505 jne 00003F0E1
0003F0DC: 800E560101 or b,[0156],001
0003F0E1: E8260E call 00003FF0A
0003F0E4: E82EFE call 00003EF15
0003F0E7: E8A200 call 00003F18C
** 0003F0EA: 9AE0BD00F0 call 0F000:0BDE0
0003F0EF: BEFFFF mov si,0FFFF
0003F0F2: 3C01 cmp al,001
0003F0F4: 740B je 00003F101
0003F0F6: B8B315 mov ax,015B3
** 0003F0F9: 9A7DA100F0 call 0F000:0A17D
0003F0FE: 7501 jne 00003F101
0003F100: 46 inc si
0003F101: B9E800 mov cx,000E8
0003F104: BB0800 mov bx,00008
0003F107: E8ED00 call 00003F1F7
0003F10A: B9E900 mov cx,000E9
0003F10D: BB1000 mov bx,00010
0003F110: E8E400 call 00003F1F7
0003F113: B9EA00 mov cx,000EA
0003F116: BB0010 mov bx,01000
0003F119: E8DB00 call 00003F1F7
0003F11C: B9EB00 mov cx,000EB
0003F11F: BB0040 mov bx,04000
0003F122: E8D200 call 00003F1F7
0003F125: 9A1C0161AA call 0AA61:0011C
** 0003F12A: 9ACF0600F0 call 0F000:006CF
** 0003F12F: 9AE0BD00F0 call 0F000:0BDE0
0003F134: BBE282 mov bx,082E2
0003F137: 48 dec ax
0003F138: D0E0 shl al,1
0003F13A: 02D8 add bl,al
0003F13C: 80D700 adc bh,000
** 0003F13F: 9AD0BD00F0 call 0F000:0BDD0
0003F144: 2EFF17 call w,cs:[bx]
0003F147: A05601 mov al,[0156]
0003F14A: 0C02 or al,002
0003F14C: E6B3 out 0B3,al
0003F14E: EB00 jmps 00003F150
0003F150: E8C100 call 00003F214
0003F153: A1C600 mov ax,[00C6]
0003F156: 8B16CE00 mov dx,[00CE]
0003F15A: EF out dx,ax
0003F15B: B96400 mov cx,00064
0003F15E: E6ED out 0ED,al
0003F160: EB00 jmps 00003F162
0003F162: E2FA loop 00003F15E
0003F164: B80000 mov ax,00000
0003F167: CB retf

The disassembly contains a number of far calls into code segment 0F000
(the instructions marked with **).

Code segment 0F000 is translated to physical RAM addresses F0000h -
100000h. This region contains system BIOS code such as POST and the
BIOS interrupt handlers. Unlike the SMI handler code in SMRAM, this
region is not covered by the SMM memory protections, so any process
with sufficient privileges to access physical memory can replace its
contents with its own code.

So, for instance, the address 0F000:08070 called from the above SMI
handler is translated to physical address F8070h. During boot this
address is loaded with BIOS code that reads registers in the power
management I/O space at port 800h + offset:

00008387: BA0008 mov dx,00800
0000838A: 02D4 add dl,ah
0000838C: 80D600 adc dh,000
0000838F: C3 retn
00008390: 52 push dx
00008391: E8F3FF call 000008387
00008394: EC in al,dx
00008395: 5A pop dx
00008396: C3 retn

; These instructions are loaded to 0F000:08070 address
; (F8070h in physical memory) by the BIOS from ROM chip
00008397: E8F6FF call 000008390
0000839A: CB retf

These BIOS instructions can be replaced with a jump to malicious
code, so that the replacement code is executed by the SMI handler
with SMM privileges.

The SMISS SMI handler alone contains 14 SMM privilege escalation bugs
of this kind. The very same bugs are present in other handlers, so
overall the ASUS BIOS contains a great many of them.
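As an added audit example (not part of the advisory or of any ASUS code), the following Python script applies the check described above to a constructed excerpt of the $SMISS listing: it decodes each far call (opcode 9A), translates the target with the real-mode rule segment * 16 + offset, and flags targets that fall in the unprotected F0000h-FFFFFh BIOS region. The listing lines and the region bounds come from the advisory; the script, its function names and the line format it parses are assumptions of this example.

```python
import re

# Constructed excerpt of the $SMISS listing from the advisory above, one
# instruction per line; "**" marks the calls the author flagged.
SMISS_LISTING = """\
0003F074: B4A1 mov ah,0A1
** 0003F076: 9A197D00F0 call 0F000:07D19
0003F07F: B434 mov ah,034
** 0003F081: 9A708000F0 call 0F000:08070
0003F125: 9A1C0161AA call 0AA61:0011C
** 0003F13F: 9AD0BD00F0 call 0F000:0BDD0
0003F144: 2EFF17 call w,cs:[bx]
"""
# Legacy BIOS region the advisory says SMRAM protection does not cover:
# physical F0000h-FFFFFh, i.e. real-mode segment F000.
UNPROTECTED_LO, UNPROTECTED_HI = 0xF0000, 0xFFFFF
LINE_RE = re.compile(r"^(?:\*\*\s+)?([0-9A-F]+):\s+([0-9A-F]+)\s")

def far_call_target(code):
    """Decode CALL ptr16:16 (opcode 9A, little-endian offset then segment);
    returns (segment, offset), or None if the bytes are not a far call."""
    if len(code) != 5 or code[0] != 0x9A:
        return None
    return code[3] | (code[4] << 8), code[1] | (code[2] << 8)

def real_mode_phys(segment, offset):
    """Real-mode address translation: segment * 16 + offset, 20 bits."""
    return ((segment << 4) + offset) & 0xFFFFF

def audit_listing(listing):
    """Return (handler_addr, seg, off, phys, unprotected) per far call;
    unprotected means SMM would execute code from overwritable RAM."""
    findings = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target = far_call_target(bytes.fromhex(m.group(2)))
        if target is None:
            continue  # near/indirect calls stay in the handler's own segment
        seg, off = target
        phys = real_mode_phys(seg, off)
        findings.append((int(m.group(1), 16), seg, off, phys,
                         UNPROTECTED_LO <= phys <= UNPROTECTED_HI))
    return findings

if __name__ == "__main__":
    for addr, seg, off, phys, bad in audit_listing(SMISS_LISTING):
        print(f"{addr:08X}: call {seg:04X}:{off:04X} -> {phys:05X} [{'UNPROTECTED' if bad else 'ok'}]")
```

The 0AA61:0011C call is reported but not flagged, since only the F000 segment targets land in the region the advisory identifies as writable from outside SMM.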


Vendor Status:
~~~~~~~~~~~~~~
No response from the vendor


Credit:
~~~~~~~
core collapse
ralf


Links:
~~~~~~
A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers
http://www.phrack.org/issues.html?issue=66&id=11#article
[there's a bunch of other links in the article]


Take care.
