CVE-2005-0109
CVSS 7.2
Published: 2005-03-05 00:00:00
Revised: 2016-10-17 23:07:55

[Original] Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.


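[CNNVD] Intel Pentium Hyper-Threading Technology Information Disclosure Vulnerability (CNNVD-200503-049)

        Hyper-Threading technology is used in FreeBSD and other operating systems running on Intel Pentium and other processor platforms. Local users can, through a timing attack related to memory cache misses, use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as keys.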

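- CVSS (Base Score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]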

- CPE (Affected Platforms and Products)

cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:sun:solaris:10.0::sparc
cpe:/o:sun:solaris:7.0::x86
cpe:/o:freebsd:freebsd:2.1.7.1 FreeBSD 2.1.7.1
cpe:/o:redhat:enterprise_linux:4.0::advanced_server
cpe:/o:freebsd:freebsd:4.11:release_p3
cpe:/o:freebsd:freebsd:3.5.1:release
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:freebsd:freebsd:5.3:releng
cpe:/o:freebsd:freebsd:5.0:releng
cpe:/o:freebsd:freebsd:2.0.5 FreeBSD 2.0.5
cpe:/o:freebsd:freebsd:4.4:release_p42
cpe:/o:freebsd:freebsd:4.6:release
cpe:/o:freebsd:freebsd:4.7:release
cpe:/o:sco:unixware:7.1.3_up
cpe:/o:freebsd:freebsd:4.3:release
cpe:/o:freebsd:freebsd:4.5:release
cpe:/o:freebsd:freebsd:5.0:alpha
cpe:/o:freebsd:freebsd:2.2 FreeBSD 2.2
cpe:/o:freebsd:freebsd:2.0 FreeBSD 2.0
cpe:/o:freebsd:freebsd:5.3:stable
cpe:/o:sun:solaris:8.0::x86
cpe:/o:freebsd:freebsd:3.5.1:stable
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:4.0::enterprise_server
cpe:/o:freebsd:freebsd:4.1.1 FreeBSD 4.1.1
cpe:/o:freebsd:freebsd:4.8:release_p6
cpe:/o:ubuntu:ubuntu_linux:5.04::i386
cpe:/o:freebsd:freebsd:4.6:releng
cpe:/o:freebsd:freebsd:4.7:releng
cpe:/o:freebsd:freebsd:4.10:release_p8
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:freebsd:freebsd:4.3:releng
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/o:freebsd:freebsd:4.9:releng
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:freebsd:freebsd:4.4:releng
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:freebsd:freebsd:4.5:releng
cpe:/o:freebsd:freebsd:4.8:pre-release
cpe:/o:redhat:enterprise_linux_desktop:3.0 Red Hat Desktop 3.0
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:freebsd:freebsd:4.0:releng
cpe:/o:freebsd:freebsd:5.1 FreeBSD 5.1
cpe:/o:freebsd:freebsd:5.2 FreeBSD 5.2
cpe:/o:freebsd:freebsd:2.1.0 FreeBSD 2.1.0
cpe:/o:freebsd:freebsd:5.1:release
cpe:/o:freebsd:freebsd:5.3:release
cpe:/o:sco:unixware:7.1.4
cpe:/o:freebsd:freebsd:2.1.6 FreeBSD 2.1.6
cpe:/o:freebsd:freebsd:1.1.5.1 FreeBSD 1.1.5.1
cpe:/o:freebsd:freebsd:2.1.5 FreeBSD 2.1.5
cpe:/o:freebsd:freebsd:5.0 FreeBSD 5.0
cpe:/o:freebsd:freebsd:4.2:stable
cpe:/o:freebsd:freebsd:4.3:stable
cpe:/o:freebsd:freebsd:4.4:stable
cpe:/o:freebsd:freebsd:5.3 FreeBSD 5.3
cpe:/o:freebsd:freebsd:4.5:stable
cpe:/o:freebsd:freebsd:4.6:stable
cpe:/o:freebsd:freebsd:4.7:stable
cpe:/o:freebsd:freebsd:4.11:stable
cpe:/o:freebsd:freebsd:4.11:releng
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:sun:solaris:9.0::x86
cpe:/o:freebsd:freebsd:5.1:release_p5
cpe:/o:freebsd:freebsd:4.7:release_p17
cpe:/o:freebsd:freebsd:4.10:releng
cpe:/o:freebsd:freebsd:4.10 FreeBSD 4.10
cpe:/o:freebsd:freebsd:5.2.1:releng
cpe:/o:freebsd:freebsd:4.1.1:release
cpe:/o:freebsd:freebsd:3.0:releng
cpe:/o:redhat:enterprise_linux_desktop:4.0 Red Hat Desktop 4.0
cpe:/o:freebsd:freebsd:2.2.8 FreeBSD 2.2.8
cpe:/o:freebsd:freebsd:4.10:release
cpe:/o:freebsd:freebsd:2.2.3 FreeBSD 2.2.3
cpe:/o:freebsd:freebsd:4.2 FreeBSD 4.2
cpe:/o:freebsd:freebsd:2.2.2 FreeBSD 2.2.2
cpe:/o:freebsd:freebsd:4.3 FreeBSD 4.3
cpe:/o:freebsd:freebsd:4.8 FreeBSD 4.8
cpe:/o:freebsd:freebsd:4.9 FreeBSD 4.9
cpe:/o:freebsd:freebsd:4.6 FreeBSD 4.6
cpe:/o:freebsd:freebsd:4.7 FreeBSD 4.7
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/o:sco:unixware:7.1.3
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:freebsd:freebsd:2.2.5 FreeBSD 2.2.5
cpe:/o:freebsd:freebsd:4.0 FreeBSD 4.0
cpe:/o:freebsd:freebsd:2.2.4 FreeBSD 2.2.4
cpe:/o:freebsd:freebsd:4.1 FreeBSD 4.1
cpe:/o:freebsd:freebsd:4.6.2 FreeBSD 4.6.2
cpe:/o:freebsd:freebsd:2.2.6 FreeBSD 2.2.6
cpe:/o:freebsd:freebsd:3.5:stable
cpe:/o:freebsd:freebsd:4.4 FreeBSD 4.4
cpe:/o:freebsd:freebsd:4.5 FreeBSD 4.5
cpe:/o:freebsd:freebsd:3.5.1 FreeBSD 3.5.1
cpe:/o:freebsd:freebsd:4.3:release_p38
cpe:/o:freebsd:freebsd:5.0:release_p14
cpe:/o:freebsd:freebsd:4.1.1:stable
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:freebsd:freebsd:2.1.6.1 FreeBSD 2.1.6.1
cpe:/o:freebsd:freebsd:4.5:release_p32
cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc
cpe:/o:freebsd:freebsd:5.1:alpha
cpe:/o:sun:solaris:9.0:x86_update_2
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:redhat:enterprise_linux:4.0::workstation
cpe:/o:freebsd:freebsd:5.4:pre-release
cpe:/o:freebsd:freebsd:3.3 FreeBSD 3.3
cpe:/o:freebsd:freebsd:3.4 FreeBSD 3.4
cpe:/o:freebsd:freebsd:5.2.1:release
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:sco:openserver:5.0.7
cpe:/o:freebsd:freebsd:4.6:release_p20
cpe:/o:freebsd:freebsd:3.1 FreeBSD 3.1
cpe:/o:freebsd:freebsd:3.2 FreeBSD 3.2
cpe:/o:freebsd:freebsd:4.0:alpha
cpe:/o:freebsd:freebsd:3.0 FreeBSD 3.0
cpe:/o:freebsd:freebsd:3.5 FreeBSD 3.5
cpe:/o:ubuntu:ubuntu_linux:5.04::amd64

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9747 Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local ...
*OVAL describes in detail how to detect this vulnerability; you can find more technical details on detecting it in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0109
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0109
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-049
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
(UNKNOWN)  SCO  SCOSA-2005.24
http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2
(UNKNOWN)  MLIST  [freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff
http://marc.info/?l=freebsd-security&m=110994370429609&w=2
(UNKNOWN)  MLIST  [freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]
http://marc.info/?l=openbsd-misc&m=110995101417256&w=2
(UNKNOWN)  MLIST  [openbsd-misc] 20050304 Re: FreeBSD hiding security stuff
http://securitytracker.com/id?1013967
(VENDOR_ADVISORY)  SECTRACK  1013967
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
(VENDOR_ADVISORY)  SUNALERT  101739
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
(UNKNOWN)  MISC  http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.daemonology.net/hyperthreading-considered-harmful/
(UNKNOWN)  MISC  http://www.daemonology.net/hyperthreading-considered-harmful/
http://www.daemonology.net/papers/htt.pdf
(UNKNOWN)  MISC  http://www.daemonology.net/papers/htt.pdf
http://www.kb.cert.org/vuls/id/911878
(VENDOR_ADVISORY)  CERT-VN  VU#911878
http://www.redhat.com/support/errata/RHSA-2005-476.html
(UNKNOWN)  REDHAT  RHSA-2005:476
http://www.redhat.com/support/errata/RHSA-2005-800.html
(UNKNOWN)  REDHAT  RHSA-2005:800
http://www.securityfocus.com/bid/12724
(VENDOR_ADVISORY)  BID  12724
http://www.vupen.com/english/advisories/2005/0540
(UNKNOWN)  VUPEN  ADV-2005-0540
http://www.vupen.com/english/advisories/2005/3002
(UNKNOWN)  VUPEN  ADV-2005-3002

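- Vulnerability Information

Intel Pentium Hyper-Threading Technology Information Disclosure Vulnerability
High risk  Design error
2005-03-05 00:00:00 2007-05-11 00:00:00
Local
        Hyper-Threading technology is used in FreeBSD and other operating systems running on Intel Pentium and other processor platforms. Local users can, through a timing attack related to memory cache misses, use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as keys.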

- Advisories and Patches

        Vendors have released upgrade patches to fix this security issue. Patch download links:
        Turbolinux Appliance Server 1.0 Workgroup Edition
        Turbolinux openssl-0.9.6m-3.i586.rpm
        Turbolinux Appliance Server 1.0 Workgroup Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux openssl-devel-0.9.6m-3.i586.rpm
        Turbolinux Appliance Server 1.0 Workgroup Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        MandrakeSoft Linux Mandrake 10.0 AMD64
        Mandriva lib64openssl0.9.7-0.9.7c-3.2.100mdk.amd64.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        Mandriva lib64openssl0.9.7-devel-0.9.7c-3.2.100mdk.amd64.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        Mandriva lib64openssl0.9.7-static-devel-0.9.7c-3.2.100mdk.amd64.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.7c-3.2.100mdk.amd64.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.7c-3.2.100mdk.src.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        Turbolinux Turbolinux Desktop 10.0
        Turbolinux openssl-0.9.7d-4.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-0.9.7d-4.i586.rpm
        Turbolinux openssl-compat-0.9.6m-7.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-compat-0.9.6m-7.i586.rpm
        Turbolinux openssl-devel-0.9.7d-4.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/openssl-devel-0.9.7d-4.i586.rpm
        MandrakeSoft Linux Mandrake 10.1 x86_64
        Mandriva lib64openssl0.9.7-0.9.7d-1.2.101mdk.x86_64.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva lib64openssl0.9.7-devel-0.9.7d-1.2.101mdk.x86_64.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva lib64openssl0.9.7-static-devel-0.9.7d-1.2.101mdk.x86_64.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.7d-1.2.101mdk.src.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.7d-1.2.101mdk.x86_64.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        MandrakeSoft Corporate Server 2.1 x86_64
        Mandriva libopenssl0-0.9.6i-1.9.C21mdk.x86_64.rpm
        Corporate Server 2.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva libopenssl0-devel-0.9.6i-1.9.C21mdk.x86_64.rpm
        Corporate Server 2.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva libopenssl0-static-devel-0.9.6i-1.9.C21mdk.x86_64.rpm
        Corporate Server 2.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.6i-1.9.C21mdk.src.rpm
        Corporate Server 2.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.6i-1.9.C21mdk.x86_64.rpm
        Corporate Server 2.1/X86_64:
        http://www.mandriva.com/en/download
        MandrakeSoft Corporate Server 2.1
        Mandriva libopenssl0-0.9.6i-1.9.C21mdk.i586.rpm
        Corporate Server 2.1:
        http://www.mandriva.com/en/download
        Mandriva libopenssl0-devel-0.9.6i-1.9.C21mdk.i586.rpm
        Corporate Server 2.1:
        http://www.mandriva.com/en/download
        Mandriva libopenssl0-static-devel-0.9.6i-1.9.C21mdk.i586.rpm
        Corporate Server 2.1:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.6i-1.9.C21mdk.i586.rpm
        Corporate Server 2.1:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.6i-1.9.C21mdk.src.rpm
        Corporate Server 2.1:
        http://www.mandriva.com/en/download
        MandrakeSoft Corporate Server 3.0
        Mandriva libopenssl0.9.7-0.9.7c-3.2.C30mdk.i586.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva libopenssl0.9.7-devel-0.9.7c-3.2.C30mdk.i586.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva libopenssl0.9.7-static-devel-0.9.7c-3.2.C30mdk.i586.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.7c-3.2.C30mdk.i586.rpm
        Corporate 3.0:
        http://www.mandriva.com/en/download
        Mandriva openssl-0.9.7c-3.2.C30mdk.src.rpm
        Corporate 3.

- Vulnerability Information (F38548)

FreeBSD-SA-05-09.htt.txt (PacketStormID:F38548)
2005-07-08 00:00:00
 
advisory
freebsd
CVE-2005-0109

FreeBSD Security Advisory FreeBSD-SA-05:09 - When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:09.htt                                        Security Advisory
                                                          The FreeBSD Project

Topic:          information disclosure when using HTT

Category:       core
Module:         sys
Announced:      2005-05-13
Revised:        2005-05-13
Credits:        Colin Percival
Affects:        All FreeBSD/i386 and FreeBSD/amd64 releases.
Corrected:      2005-05-13 00:13:00 UTC (RELENG_5, 5.4-STABLE)
                2005-05-13 00:13:00 UTC (RELENG_5_4, 5.4-RELEASE-p1)
                2005-05-13 00:13:00 UTC (RELENG_5_3, 5.3-RELEASE-p15)
                2005-05-13 00:13:00 UTC (RELENG_4, 4.11-STABLE)
                2005-05-13 00:13:00 UTC (RELENG_4_11, 4.11-RELEASE-p9)
                2005-05-13 00:13:00 UTC (RELENG_4_10, 4.10-RELEASE-p14)
CVE Name:       CAN-2005-0109

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:http://www.freebsd.org/security/>.

0.   Revision History

v1.0 2005-05-13  Initial release.
v1.1 2005-05-13  Additional details.

I.   Background

Sharing the execution resources of a superscalar processor between
multiple execution threads is referred to as "simultaneous
multithreading".  "Hyper-Threading Technology" or HTT is the name used
for the implementation of simultaneous multithreading on Intel Pentium
4, Mobile Pentium 4, and Xeon processors.  HTT involves sharing
certain CPU resources between multiple threads, including memory
caches.  FreeBSD supports HTT when using a kernel compiled with
the SMP option.

II.  Problem Description

When running on processors supporting Hyper-Threading Technology, it is
possible for a malicious thread to monitor the execution of another
thread.

NOTE:  Similar problems may exist in other simultaneous multithreading
implementations, or even some systems in the absence of simultaneous
multithreading.  However, current research has only demonstrated this
flaw in Hyper-Threading Technology, where shared memory caches are used.

III. Impact

Information may be disclosed to local users, allowing in many cases for
privilege escalation.  For example, on a multi-user system, it may be
possible to steal cryptographic keys used in applications such as OpenSSH
or SSL-enabled web servers.

IV.  Workaround

Systems not using processors with Hyper-Threading Technology support are
not affected by this issue.  On systems which are affected, the security
flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable:

# echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf

The system must be rebooted in order for tunables to take effect.

Use of this workaround is not recommended on "dual-core" systems, as
this workaround will also disable one of the processor cores.

V.   Solution

Disable Hyper-Threading Technology on processors that support it.

NOTE:  It is expected that future work in cryptographic libraries and
operating system schedulers may remedy this problem for many or most
users, without necessitating the disabling of Hyper-Threading
Technology.  Future advisories will address individual cases.

Perform one of the following:

1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 4.10,
4.11, 5.3, and 5.4 systems.

a) Download the relevant patch from the location below and verify the
detached PGP signature using your PGP utility.

[FreeBSD 4.10]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch.asc

[FreeBSD 4.11]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch.asc

[FreeBSD 5.x]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.

NOTE:  For users that are certain that their environment is not affected
by this vulnerability, such as single-user systems, Hyper-Threading
Technology may be re-enabled by setting the tunable
"machdep.hyperthreading_allowed".

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_4
  src/sys/i386/i386/mp_machdep.c                               1.115.2.23
  src/sys/i386/include/cpufunc.h                                 1.96.2.4
RELENG_4_11
  src/UPDATING                                             1.73.2.91.2.10
  src/sys/conf/newvers.sh                                  1.44.2.39.2.13
  src/sys/i386/i386/mp_machdep.c                           1.115.2.22.2.1
  src/sys/i386/include/cpufunc.h                            1.96.2.3.12.1
RELENG_4_10
  src/UPDATING                                             1.73.2.90.2.15
  src/sys/conf/newvers.sh                                  1.44.2.34.2.16
  src/sys/i386/i386/mp_machdep.c                           1.115.2.20.2.1
  src/sys/i386/include/cpufunc.h                            1.96.2.3.10.1
RELENG_5
  src/sys/amd64/amd64/mp_machdep.c                             1.242.2.11
  src/sys/amd64/include/cpufunc.h                               1.145.2.1
  src/sys/i386/i386/mp_machdep.c                               1.235.2.10
  src/sys/i386/include/cpufunc.h                                1.142.2.1
RELENG_5_4
  src/UPDATING                                            1.342.2.24.2.10
  src/sys/amd64/amd64/mp_machdep.c                          1.242.2.7.2.4
  src/sys/amd64/include/cpufunc.h                               1.145.6.1
  src/sys/conf/newvers.sh                                   1.62.2.18.2.6
  src/sys/i386/i386/mp_machdep.c                            1.235.2.6.2.3
  src/sys/i386/include/cpufunc.h                                1.142.6.1
RELENG_5_3
  src/UPDATING                                            1.342.2.13.2.18
  src/sys/amd64/amd64/mp_machdep.c                          1.242.2.2.2.2
  src/sys/amd64/include/cpufunc.h                               1.145.4.1
  src/sys/conf/newvers.sh                                  1.62.2.15.2.20
  src/sys/i386/i386/mp_machdep.c                            1.235.2.3.2.2
  src/sys/i386/include/cpufunc.h                                1.142.4.1
- -------------------------------------------------------------------------

VII. References

http://www.daemonology.net/hyperthreading-considered-harmful/

The latest revision of this advisory is available at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
-----BEGIN PGP SIGNATURE-----

iD8DBQFChJA4FdaIBMps37IRAo8nAJ9w7xtIF0atnxiKDhFOpBXEZQDtZQCghWdM
qc5lGST7l+iJEYN/7zTNUPY=
=WqEa
-----END PGP SIGNATURE-----
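
The advisory above names two loader tunables: "machdep.hlt_logical_cpus" as the workaround and "machdep.hyperthreading_allowed" to re-enable HTT on a patched kernel. The script below is an added example, not part of the FreeBSD advisory or of this database entry, that audits loader.conf-style files for both. The function names, the state labels, treating any non-zero "machdep.hyperthreading_allowed" value as enabling, and the precedence between the two tunables are assumptions of the example; the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit loader.conf-style files for the two tunables named in
# FreeBSD-SA-05:09. Function names and state labels are hypothetical.

# loader_tunable NAME FILE...
# Print the last value assigned to NAME across the readable FILEs (later
# assignments override earlier ones). Unreadable or missing files are skipped.
loader_tunable() {
    lt_name=$1
    shift
    for lt_file in "$@"; do
        if [ -r "$lt_file" ]; then
            cat "$lt_file"
            echo    # guard against a file without a trailing newline
        fi
    done | awk -v name="$lt_name" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            line = $0
            sub(/#.*/, "", line)          # drop comments (no "#" expected in values)
            eq = index(line, "=")
            if (eq == 0) next
            key = trim(substr(line, 1, eq - 1))
            if (key != name) next
            val = trim(substr(line, eq + 1))
            gsub(/^"|"$/, "", val)        # value may be quoted or bare
            last = val
        }
        END { printf "%s", last }
    '
}

# htt_audit FILE...
# Prints one of:
#   workaround-set  machdep.hlt_logical_cpus=1 is the effective setting
#   htt-reenabled   machdep.hyperthreading_allowed is set to a non-zero value
#   default         neither tunable changes the kernel default
# Assumption of this example: the workaround is reported first when both are set.
htt_audit() {
    ha_hlt=$(loader_tunable machdep.hlt_logical_cpus "$@")
    ha_allowed=$(loader_tunable machdep.hyperthreading_allowed "$@")
    if [ "$ha_hlt" = "1" ]; then
        echo "workaround-set"
    elif [ -n "$ha_allowed" ] && [ "$ha_allowed" != "0" ]; then
        echo "htt-reenabled"
    else
        echo "default"
    fi
}

# Demonstration on a constructed sample (not a real system's configuration).
demo_conf=$(mktemp)
printf '%s\n' \
    '# constructed sample loader.conf' \
    'kern.maxusers="64"' \
    '#machdep.hlt_logical_cpus=1' \
    'machdep.hyperthreading_allowed="1"' > "$demo_conf"
echo "constructed sample: $(htt_audit "$demo_conf")"
rm -f "$demo_conf"
```

On a FreeBSD host the files to pass would typically be /boot/loader.conf and any local override file, in the order the loader reads them.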
    

- Vulnerability Information

16440
Multiple Unix Vendor Hyper-Threading (HTT) Arbitrary Thread Process Information Disclosure
Information Disclosure
Loss of Confidentiality

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-05-13 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor Hyper-Threading Technology Information Disclosure Vulnerability
Design Error 12724
No Yes
2005-03-04 12:00:00 2007-03-09 05:45:00
Discovery is credited to Colin Percival.

- Affected Software Versions

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
Sun Solaris 9_x86 Update 2
Sun Solaris 9_x86
Sun Solaris 8_x86
Sun Solaris 7.0_x86
Sun Solaris 10
SGI ProPack 3.0
SGI Advanced Linux Environment 3.0
SCO Unixware 7.1.4
SCO Unixware 7.1.3 up
SCO Unixware 7.1.3
SCO Open Server 5.0.7
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
NetBSD NetBSD 2.0.2
NetBSD NetBSD 2.0.1
NetBSD NetBSD 2.0
NetBSD NetBSD Current
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
IBM Hardware Management Console (HMC) for pSeries 5.0 R1.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R5.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R4.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.3
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.2
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.1
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.1
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for pSeries 3.3.2
IBM Hardware Management Console (HMC) for pSeries 3.0 R3.6
IBM Hardware Management Console (HMC) for pSeries 4
IBM Hardware Management Console (HMC) for pSeries 3
IBM Hardware Management Console (HMC) for iSeries 5.0 R1.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R5.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R4.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.3
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.2
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.1
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.1
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for iSeries 4.0
IBM Hardware Management Console (HMC) for iSeries 3.3.2
IBM Hardware Management Console (HMC) for iSeries 3.0 R3.6
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.11 -RELEASE-p3
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE-p8
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 3.5.1 -STABLEpre2001-07-20
FreeBSD FreeBSD 3.5.1 -STABLE
FreeBSD FreeBSD 3.5.1 -RELEASE
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 3.5 x
FreeBSD FreeBSD 3.5 -STABLEpre122300
FreeBSD FreeBSD 3.5 -STABLEpre050201
FreeBSD FreeBSD 3.5 -STABLE
FreeBSD FreeBSD 3.5
FreeBSD FreeBSD 3.4 x
FreeBSD FreeBSD 3.4
FreeBSD FreeBSD 3.3 x
FreeBSD FreeBSD 3.3
FreeBSD FreeBSD 3.2 x
FreeBSD FreeBSD 3.2
FreeBSD FreeBSD 3.1 x
FreeBSD FreeBSD 3.1
FreeBSD FreeBSD 3.0 -RELENG
FreeBSD FreeBSD 3.0
FreeBSD FreeBSD 2.2.8
FreeBSD FreeBSD 2.2.6
FreeBSD FreeBSD 2.2.5
FreeBSD FreeBSD 2.2.4
FreeBSD FreeBSD 2.2.3
FreeBSD FreeBSD 2.2.2
FreeBSD FreeBSD 2.2 x
FreeBSD FreeBSD 2.2
FreeBSD FreeBSD 2.1.7 .1
FreeBSD FreeBSD 2.1.6 .1
FreeBSD FreeBSD 2.1.6
FreeBSD FreeBSD 2.1.5
FreeBSD FreeBSD 2.1 x
FreeBSD FreeBSD 2.1
FreeBSD FreeBSD 2.0.5
FreeBSD FreeBSD 2.0
FreeBSD FreeBSD 1.1.5 .1
FreeBSD FreeBSD 4.10-PRERELEASE
FreeBSD FreeBSD 3.x
FreeBSD FreeBSD 2.x

- Vulnerability Discussion

Multiple vendors' Hyper-Threading (HT) technology offerings are prone to an information-disclosure vulnerability when running on HT processors. This issue is due to the shared-memory cache associated with the virtual CPUs in an HT-capable CPU.

Exploiting this vulnerability allows local attackers to obtain sensitive information that can lead to privilege escalation.

The issue affects certain operating systems when running on HT-enabled processors. The operating systems must be running with multiprocessing enabled for this vulnerability to be exploitable. True dual-core CPUs that do not share caches across CPUs are likely not affected by this issue.

This issue was also documented in BID 13614, which has been retired.

- Exploit


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Please see the referenced advisories for more information.


Turbolinux Appliance Server 1.0 Workgroup Edition

Mandriva Linux Mandrake 10.0 AMD64

Turbolinux Turbolinux Desktop 10.0

Mandriva Linux Mandrake 10.1 x86_64

MandrakeSoft Corporate Server 2.1 x86_64

MandrakeSoft Corporate Server 2.1

MandrakeSoft Corporate Server 3.0

FreeBSD FreeBSD 4.11 -RELEASE-p3

FreeBSD FreeBSD 5.3

Turbolinux Turbolinux Workstation 7.0

- Related References
