blob: 8032c40dc16fd1a706e345c6b4aadce2abaa9442
Candidate: CVE-2005-0109
References:
MISC:http://www.daemonology.net/papers/htt.pdf
MISC:http://www.daemonology.net/hyperthreading-considered-harmful/
MLIST:[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff
URL:http://marc.theaimsgroup.com/?l=openbsd-misc&m=110995101417256&w=2
MLIST:[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]
URL:http://marc.theaimsgroup.com/?l=freebsd-security&m=110994370429609&w=2
MLIST:[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff
URL:http://marc.theaimsgroup.com/?l=freebsd-hackers&m=110994026421858&w=2
MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
FREEBSD:FreeBSD-SA-05:09
SCO:SCOSA-2005.24
URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
SUNALERT:101739
URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
CERT-VN:VU#911878
URL:http://www.kb.cert.org/vuls/id/911878
BID:12724
URL:http://www.securityfocus.com/bid/12724
FRSIRT:ADV-2005-0540
URL:http://www.frsirt.com/english/advisories/2005/0540
FRSIRT:ADV-2005-3002
URL:http://www.frsirt.com/english/advisories/2005/3002
SECTRACK:1013967
URL:http://securitytracker.com/id?1013967
SECUNIA:15348
URL:http://secunia.com/advisories/15348
SECUNIA:18165
URL:http://secunia.com/advisories/18165
Description:
Hyper-Threading technology, as used in FreeBSD and other operating systems
that are run on Intel Pentium and other processors, allows local users to use
a malicious thread to create covert channels, monitor the execution of other
threads, and obtain sensitive information such as cryptographic keys, via a
timing attack on memory cache misses.
Notes:
There's no upstream patch, but Ubuntu has included a patch that disables
HT by default, but allows users to turn it on again by booting w/ ht=on;
included here in the patch-tracker.
jmm> On linux-kernel nearly everyone disagreed that this is a practical attack
jmm> Plus, I remember some fixes for OpenSSL, that would render the attack
jmm> impossible, so I think it might be wiser to fix this in OpenSSL?
jmm> What did other distributions like Red Hat, SuSE or OWL do?
Bugs:
upstream:
linux-2.6:
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge5)
2.6.18-etch-security: ignored