diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-01 00:16:09 +0000 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-05-01 00:16:09 +0000 |
| commit | 46665004981d68d946744e49b932e69c17aa54bb (patch) | |
| tree | dbbc98980082b03770f06f7c55826158a9746633 /ignored | |
| parent | 4e879024289dae7264857f2f05005ddc92e2b4ce (diff) | |
move conceptual, theoretical hyperthreading issue to ignored
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@793 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'ignored')
| -rw-r--r-- | ignored/CVE-2005-0109 | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/ignored/CVE-2005-0109 b/ignored/CVE-2005-0109 new file mode 100644 index 00000000..8032c40d --- /dev/null +++ b/ignored/CVE-2005-0109 @@ -0,0 +1,50 @@ +Candidate: CVE-2005-0109 +References: + MISC:http://www.daemonology.net/papers/htt.pdf + MISC:http://www.daemonology.net/hyperthreading-considered-harmful/ + MLIST:[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff + URL:http://marc.theaimsgroup.com/?l=openbsd-misc&m=110995101417256&w=2 + MLIST:[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff] + URL:http://marc.theaimsgroup.com/?l=freebsd-security&m=110994370429609&w=2 + MLIST:[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff + URL:http://marc.theaimsgroup.com/?l=freebsd-hackers&m=110994026421858&w=2 + MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 + FREEBSD:FreeBSD-SA-05:09 + SCO:SCOSA-2005.24 + URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt + SUNALERT:101739 + URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1 + CERT-VN:VU#911878 + URL:http://www.kb.cert.org/vuls/id/911878 + BID:12724 + URL:http://www.securityfocus.com/bid/12724 + FRSIRT:ADV-2005-0540 + URL:http://www.frsirt.com/english/advisories/2005/0540 + FRSIRT:ADV-2005-3002 + URL:http://www.frsirt.com/english/advisories/2005/3002 + SECTRACK:1013967 + URL:http://securitytracker.com/id?1013967 + SECUNIA:15348 + URL:http://secunia.com/advisories/15348 + SECUNIA:18165 + URL:http://secunia.com/advisories/18165 +Description: + Hyper-Threading technology, as used in FreeBSD and other operating systems + that are run on Intel Pentium and other processors, allows local users to use + a malicious thread to create covert channels, monitor the execution of other + threads, and obtain sensitive information such as cryptographic keys, via a + timing attack on memory cache misses. +Notes: + There's no upstream patch, but Ubuntu has included a patch that disables + HT by default, but allows users to turn it on again by booting w/ ht=on; + included here in the patch-tracker. + jmm> On linux-kernel nearly everyone disagreed that this a practical attack + jmm> Plus, I remember some fixes for OpenSSL, that would render the attack + jmm> impossible, so I think it might be wiser to fix this in OpenSSL? + jmm> What did other distributions like Red Hat, SuSE or OWL do? +Bugs: +upstream: +linux-2.6: +2.6.8-sarge-security: ignored (2.6.8-16sarge5) +2.4.27-sarge-security: ignored (2.4.27-10sarge5) +2.6.18-etch-security: ignored |