||Intel® Active Management Technology (Intel® AMT) Software Development Kit (SDK)
|Impact of vulnerability:
||Elevation of Privilege
||Mar 29, 2010
||Mar 29, 2010
Intel® Active Management Technology (Intel® AMT) Software Development Kit (SDK) is the development framework for the independent software vendors (ISVs) to develop manageability applications that interact with Intel® AMT-enabled systems. Updated software which corrects a potential stack overflow issue is available for the ISVs to update their applications developed using the SDK.
This issue does not affect Intel® Active Management Technology implementation on Intel® vProTM technology based platforms.
Intel AMT enabled management console applications developed by the independent software vendors (ISVs) using the SDK prior to the public release of Intel® AMT SDK Release 6.0 may be affected by this issue. The potential vulnerability in the SDK's redirection libraries could allow an unauthenticated attacker to insert malicious code during the redirection session establishment. Intel has released a software update to the SDK for the ISVs to resolve this issue.
For AMT management console application developers: The ISVs utilizing this SDK should replace the redirection libraries in their application from the updated SDK and provide software update recommendation to the application users.
For AMT management console application users:
The users of the AMT management console application should contact the respective application provider to determine if their application may be affected.
While Intel is not aware of any use of the potential vulnerability described in this advisory, Intel has made changes to Intel® AMT SDK to resolve this issue. Intel highly recommends the independent software vendors (ISVs) to include the updated libraries into their affected application. The updated SDK which resolves this issue is available at http://software.intel.com/en-us/articles/download-the-latest-intel-amt-software-development-kit-sdk/.
Libraries to be replaced for Windows*:
Libraries to be replaced for Linux*:
It is expected that the ISVs would provide corresponding software updates to their affected application users.
* other brands and names may be claimed as the property of others.
INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.