From 46665004981d68d946744e49b932e69c17aa54bb Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 1 May 2007 00:16:09 +0000
Subject: move conceptual, theoretical hyperthreading issue to ignored

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@793 e094ebfe-e918-0410-adfb-c712417f3574
---
 ignored/CVE-2005-0109 | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 ignored/CVE-2005-0109

(limited to 'ignored')

diff --git a/ignored/CVE-2005-0109 b/ignored/CVE-2005-0109
new file mode 100644
index 00000000..8032c40d
--- /dev/null
+++ b/ignored/CVE-2005-0109
@@ -0,0 +1,50 @@
+Candidate: CVE-2005-0109
+References: 
+ MISC:http://www.daemonology.net/papers/htt.pdf
+ MISC:http://www.daemonology.net/hyperthreading-considered-harmful/
+ MLIST:[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff
+ URL:http://marc.theaimsgroup.com/?l=openbsd-misc&m=110995101417256&w=2
+ MLIST:[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]
+ URL:http://marc.theaimsgroup.com/?l=freebsd-security&m=110994370429609&w=2
+ MLIST:[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff
+ URL:http://marc.theaimsgroup.com/?l=freebsd-hackers&m=110994026421858&w=2
+ MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
+ FREEBSD:FreeBSD-SA-05:09
+ SCO:SCOSA-2005.24
+ URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
+ SUNALERT:101739
+ URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
+ CERT-VN:VU#911878
+ URL:http://www.kb.cert.org/vuls/id/911878
+ BID:12724
+ URL:http://www.securityfocus.com/bid/12724
+ FRSIRT:ADV-2005-0540
+ URL:http://www.frsirt.com/english/advisories/2005/0540
+ FRSIRT:ADV-2005-3002
+ URL:http://www.frsirt.com/english/advisories/2005/3002
+ SECTRACK:1013967
+ URL:http://securitytracker.com/id?1013967
+ SECUNIA:15348
+ URL:http://secunia.com/advisories/15348
+ SECUNIA:18165
+ URL:http://secunia.com/advisories/18165 
+Description: 
+ Hyper-Threading technology, as used in FreeBSD and other operating systems
+ that are run on Intel Pentium and other processors, allows local users to use
+ a malicious thread to create covert channels, monitor the execution of other
+ threads, and obtain sensitive information such as cryptographic keys, via a
+ timing attack on memory cache misses.
+Notes: 
+ There's no upstream patch, but Ubuntu has included a patch that disables
+ HT by default, but allows users to turn it on again by booting w/ ht=on;
+ included here in the patch-tracker.
+ jmm> On linux-kernel nearly everyone disagreed that this a practical attack
+ jmm> Plus, I remember some fixes for OpenSSL, that would render the attack
+ jmm> impossible, so I think it might be wiser to fix this in OpenSSL?
+ jmm> What did other distributions like Red Hat, SuSE or OWL do?
+Bugs: 
+upstream: 
+linux-2.6:
+2.6.8-sarge-security: ignored (2.6.8-16sarge5)
+2.4.27-sarge-security: ignored (2.4.27-10sarge5)
+2.6.18-etch-security: ignored
-- 
cgit v1.2.3