[HACK] Fallo en el hyperthread??

Crg crg at digitalsec.net
Thu May 19 10:50:46 CEST 2005 

Efectivamente no lo has soñado...

Referencia:  http://www.daemonology.net/papers/htt.pdf

google+Copy + paste =

CVE: The Common Vulnerabilities and Exposures (CVE) project
has assigned the name CAN-2005-0109 to the problem of informa-
tion disclosure resulting from cache evictions in simultaneous multi-
threading processors. This is a candidate for inclusion in the CVE list
(http://cve.mitre.org), which stadardizes names for security problems.


FreeBSD: This issue a
ects FreeBSD/i386 and FreeBSD/amd64,
and is address in advisory FreeBSD-SA-05:09.htt.


NetBSD: The NetBSD Security-Ocer Team believes that workarounds
will be suitable for the majority of our users. Since this issue is a com-
plex one, the `right' solution will require a larger discussion which is
only possible once this issue is public. This issue will be addressed in
advisory NetBSD-SA2005-001, which will provide a list of workarounds
for use until the ` nal' conclusion is reached.


OpenBSD: OpenBSD does not directly support hyperthreading at
this time, therefore no patch is available. A
ected users may disable hyperthreading in their system BIOS. We will revisit
this issue when
hyperthreading support is improved.


SCO: This a
ects OpenServer 5.0.7 if an update pack is applied
and SMP is installed; if also a
ects UnixWare 7.1.4 and 7.1.3 with
hyperthreading enabled, but hyperthreading is disabled in UnixWare
by default. This is covered by advisory SCOSA-2005.24.



Crg @ !dSR
http://www.digitalsec.net



----- Original Message ----- 
From: "Leonardo CorreoPegasus" <pegasus at correopegasus.com.ar>
To: <hacking at argo.es>
Sent: Wednesday, May 18, 2005 5:55 AM
Subject: [HACK] Fallo en el hyperthread??


> Hola,
>
> ya no sé si lo leí o lo so~é, pero creo haber visto durante el fin de
> semana algo relativo a un fallo de seguridad en el mecanismo
> hyperthread, que permitía a un proceso acceder al espacio de memoria de
> otro proceso concurrente, con lo que era fácil generar una condición de
> corrida para escalar privilegios en Solaris y posiblemente GNU/Linux.
> (Bueno, si lo so~é así, con ese detalle, mejor me tomo vacaciones)
> Alguién leyó/escuchó algo?
> Links??
>
> -- 
>
>                 Leonardo Tadei
>
> _______________________________________________
> Lista - http://mailman.argo.es/listinfo/hacking
> FAQ - http://www.argo.es/~jcea/artic/hack-faq.htm
> "una-al-dia" para estar siempre informado - http://www.hispasec.com/

More information about the hacking mailing list