Message-ID: <20050513093533.A2443@caldera.com>
Date: Fri, 13 May 2005 09:35:33 -0700
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 :
	Hyper-Threading information leakage




______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage
Advisory number: 	SCOSA-2005.24
Issue date: 		2005 May 13
Cross reference:	sr893223 fz531468 erg712804 sr893224 fz531469 erg712805 CAN-2005-0109
______________________________________________________________________________


1. Problem Description

	Hyper-Threading (HT) Technology allows two series of
	instructions to run simultaneously and independently on a
	single Intel(R) Xeon (TM) or HT-enabled Intel Pentium(R) 4
	processor. With Hyper-Threading Technology enabled, the
	system treats a physical processor as two "logical"
	processors. Each logical processor is allocated a thread
	on which to work, as well as a share of execution resources
	such as cache memories, execution units, and buses. 

	In his paper "Cache Missing for Fun and Profit", Colin Percival
	describes how caches shared between threads could provide a
	high-bandwidth covert channel between those threads, and could
	also permit a malicious thread operating with limited privileges
	to monitor the execution of another thread, allowing in some
	cases for theft of cryptographic key data.
	
	This issue affects OpenServer 5.0.7 if SMP is installed and any
	Update Pack is applied.  It also affects UnixWare 7.1.4 and 7.1.3 
	if Hyper-Threading is enabled.  (Hyper-Threading is disabled in
	UnixWare by default.) 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2005-0109 to this issue.


2. Vulnerable Supported Versions

	System			
	----------------------------------------------------------
	OpenServer 5.0.7 with SMP and any Update Pack installed
	UnixWare 7.1.4 with Hyper-Threading enabled
	UnixWare 7.1.3 with Hyper-Threading enabled


3. Solution

	The proper solution is to disable Hyper-Threading, unless you 
	are certain that (1) no authorized users of your system have the 
	ability to run a malicious program, and (2) it is not possible 
	for any unauthorized users to access the system.  

4. OpenServer 5.0.7

	4.1 Workaround

	SCO OpenServer supports Hyper-Threading Technology via the
	SCO OpenServer Release 5.0.7 Symmetrical Multiprocessing
	(SMP) product. When SMP plus any Update Pack is installed,
	Hyper-Threading is enabled by default.

	To disable Hyper-Threading, update the crllry_hyperthread_enable 
	kernel variable. This variable is defined in the 
	/etc/conf/pack.d/crllry/space.c file. Specify a value of "0" 
	to disable Hyper-Threading. To modify this variable, edit the file, 
	then relink and reboot the kernel.  You can use the "cpuonoff -c"
	command to display the processor status.

	See the hyperthread(HW) man page for details.


5. UnixWare 7.1.4 / UnixWare 7.1.3

	5.1 Workaround

	Hyper-Threading is supported on UnixWare 7.1.3 and 7.1.4 when
	the osmp package is installed.  It is disabled by default.
	If it has been enabled, remove the ENABLE_JT=Y line from
	/stand/boot to disable it.  Then use the command

		shutdown -i6 -g0 -y

	to rebuild the kernel and reboot the system.  You can use the
	psrinfo(1M) command to display the processor status.

	See the ENABLE_JT (Jackson Technology) boot parameter in the 
	boot(4) man page for details.
	
6. Location of this security advisory

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24 and
	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.24

7. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email:
		http://www.sco.com/support/forums/security.html

	This security fix is tracked by SCO incidents sr893223 fz531468
	erg712804 sr893224 fz531469 erg712805.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgments

	SCO would like to thank Colin Percival.

______________________________________________________________________________
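
Added example (not part of the SCO advisory): a POSIX shell check of the configured state of the two settings named in sections 4.1 and 5.1. The space.c declaration form, the treatment of '#' lines in /stand/boot, and the sample file contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Report the configured Hyper-Threading state for the settings in SCOSA-2005.24.
# Each function prints enabled/disabled/unknown and returns 0 only for disabled.

# UnixWare 7.1.3/7.1.4: HT is enabled by an ENABLE_JT=Y line in /stand/boot.
unixware_ht_state() {
    boot_file=${1:-/stand/boot}
    [ -r "$boot_file" ] || { echo unknown; return 2; }
    # Assumption: lines starting with '#' are inactive; whitespace is tolerated.
    if grep -v '^[[:space:]]*#' "$boot_file" |
       grep -Eq '^[[:space:]]*ENABLE_JT[[:space:]]*=[[:space:]]*Y'; then
        echo enabled; return 1
    fi
    echo disabled; return 0
}

# OpenServer 5.0.7 SMP: crllry_hyperthread_enable in space.c, 0 disables HT.
openserver_ht_state() {
    space_c=${1:-/etc/conf/pack.d/crllry/space.c}
    [ -r "$space_c" ] || { echo unknown; return 2; }
    # Assumed form "int crllry_hyperthread_enable = <n>;". Lines with '/' or
    # '*' before the name are skipped so a comment cannot satisfy the check.
    val=$(sed -n 's|^[^/*]*crllry_hyperthread_enable[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*|\1|p' \
          "$space_c" | tail -n 1)
    case "$val" in
        '') echo unknown; return 2 ;;
        0)  echo disabled; return 0 ;;
        *)  echo enabled; return 1 ;;
    esac
}

# Demo on constructed sample files (not copies of real system files).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'OTHER_PARAM=1' 'ENABLE_JT=Y' > "$d/boot"
    printf '%s\n' '/* crllry_hyperthread_enable = 0 turns HT off */' \
        'int crllry_hyperthread_enable = 1;' > "$d/space.c"
    echo "UnixWare:   $(unixware_ht_state "$d/boot")"
    echo "OpenServer: $(openserver_ht_state "$d/space.c")"
    rm -rf "$d"
}
demo
```

The functions report what the configuration files say, which takes effect only after the relink or rebuild and reboot the advisory describes; "cpuonoff -c" or psrinfo(1M) shows the running processor status.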
