Candidate: CVE-2005-0109
References:
 MISC:http://www.daemonology.net/papers/htt.pdf
 MISC:http://www.daemonology.net/hyperthreading-considered-harmful/
 MLIST:[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff
 URL:http://marc.theaimsgroup.com/?l=openbsd-misc&m=110995101417256&w=2
 MLIST:[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]
 URL:http://marc.theaimsgroup.com/?l=freebsd-security&m=110994370429609&w=2
 MLIST:[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff
 URL:http://marc.theaimsgroup.com/?l=freebsd-hackers&m=110994026421858&w=2
 MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
 FREEBSD:FreeBSD-SA-05:09
 SCO:SCOSA-2005.24
 URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
 SUNALERT:101739
 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
 CERT-VN:VU#911878
 URL:http://www.kb.cert.org/vuls/id/911878
 BID:12724
 URL:http://www.securityfocus.com/bid/12724
 FRSIRT:ADV-2005-0540
 URL:http://www.frsirt.com/english/advisories/2005/0540
 FRSIRT:ADV-2005-3002
 URL:http://www.frsirt.com/english/advisories/2005/3002
 SECTRACK:1013967
 URL:http://securitytracker.com/id?1013967
 SECUNIA:15348
 URL:http://secunia.com/advisories/15348
 SECUNIA:18165
 URL:http://secunia.com/advisories/18165
Description:
 Hyper-Threading technology, as used in FreeBSD and other operating systems
 that are run on Intel Pentium and other processors, allows local users to
 use a malicious thread to create covert channels, monitor the execution of
 other threads, and obtain sensitive information such as cryptographic keys,
 via a timing attack on memory cache misses.
Notes:
 There's no upstream patch, but Ubuntu has included a patch that disables HT
 by default, but allows users to turn it on again by booting w/ ht=on;
 included here in the patch-tracker.
 jmm> On linux-kernel nearly everyone disagreed that this is a practical attack
 jmm> Plus, I remember some fixes for OpenSSL, that would render the attack
 jmm> impossible, so I think it might be wiser to fix this in OpenSSL?
 jmm> What did other distributions like Red Hat, SuSE or OWL do?
Bugs:
upstream:
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge5)
2.6.18-etch-security: ignored