CVE-2004-1038
Title: IEEE1394 specification physical access memory read/write
Information Disclosure, Unauthorized Modification
Proof Of Concept
No public PoC currently indexed for CVE-2004-1038.
CWE Category
NVD-CWE-noinfo
Published Date
Mar 01, 2005
Modified Date
Apr 03, 2025
Exploit Status
Not Found
Score
7.2
CVSS v2.0
Exploit Probability (EPSS)
0.13%
Vulnerability Summary
CVE-2004-1038: A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.
Impacted Vendors
Reference Links
http://it.slashdot.org/article.pl?sid=08/03/04/1258210
http://marc.info/?l=bugtraq&m=109881362530790&w=2
http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf
http://pacsec.jp/advisories.html
http://storm.net.nz/projects/16
http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf
http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf
http://www.securityfocus.com/archive/1/489163/100/0/threaded
http://www.securityfocus.com/archive/1/489175/100/0/threaded
http://www.securityfocus.com/archive/1/489189/100/0/threaded
http://www.securityfocus.com/archive/1/489212/100/0/threaded
http://www.securityfocus.com/archive/1/489257/100/0/threaded
http://www.securityfocus.com/archive/1/489269/100/0/threaded
http://www.securityfocus.com/archive/1/489295/100/0/threaded
http://www.securityfocus.com/archive/1/489296/100/0/threaded
http://www.securityfocus.com/archive/1/489322/100/0/threaded
http://www.securityfocus.com/archive/1/489330/100/0/threaded
http://www.securityfocus.com/archive/1/489335/100/0/threaded
http://www.securityfocus.com/archive/1/489342/100/0/threaded
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18041
http://it.slashdot.org/article.pl?sid=08/03/04/1258210
http://marc.info/?l=bugtraq&m=109881362530790&w=2
http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf
http://pacsec.jp/advisories.html
http://storm.net.nz/projects/16
http://storm.net.nz/static/files/ab_firewire_rux2k6-final.pdf
http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks.pdf
http://www.securityfocus.com/archive/1/489163/100/0/threaded
http://www.securityfocus.com/archive/1/489175/100/0/threaded
http://www.securityfocus.com/archive/1/489189/100/0/threaded
http://www.securityfocus.com/archive/1/489212/100/0/threaded
http://www.securityfocus.com/archive/1/489257/100/0/threaded
http://www.securityfocus.com/archive/1/489269/100/0/threaded
http://www.securityfocus.com/archive/1/489295/100/0/threaded
http://www.securityfocus.com/archive/1/489296/100/0/threaded
http://www.securityfocus.com/archive/1/489322/100/0/threaded
http://www.securityfocus.com/archive/1/489330/100/0/threaded
http://www.securityfocus.com/archive/1/489335/100/0/threaded
http://www.securityfocus.com/archive/1/489342/100/0/threaded
http://www.theage.com.au/news/security/hack-into-a-windows-pc-no-password-needed/2008/03/04/1204402423638.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18041
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
7.2
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:L/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2004-1038 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.