Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0109

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-0109
Last Modified 07 Mar 2011 09:19:32
Published 05 Mar 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-0109

Summary

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Vulnerable Systems

Operating System

  • Freebsd 1.1.5.1

  • Freebsd 2.0

  • Freebsd 2.0.5

  • Freebsd 2.1.0

  • Freebsd 2.1.5

  • Freebsd 2.1.6

  • Freebsd 2.1.6.1

  • Freebsd 2.1.7.1

  • Freebsd 2.2

  • Freebsd 2.2.2

  • Freebsd 2.2.3

  • Freebsd 2.2.4

  • Freebsd 2.2.5

  • Freebsd 2.2.6

  • Freebsd 2.2.8

  • Freebsd 3.0

  • Freebsd 3.1

  • Freebsd 3.2

  • Freebsd 3.3

  • Freebsd 3.4

  • Freebsd 3.5

  • Freebsd 3.5.1

  • Freebsd 4.0

  • Freebsd 4.1

  • Freebsd 4.1.1

  • Freebsd 4.10

  • Freebsd 4.11

  • Freebsd 4.2

  • Freebsd 4.3

  • Freebsd 4.4

  • Freebsd 4.5

  • Freebsd 4.6

  • Freebsd 4.6.2

  • Freebsd 4.7

  • Freebsd 4.8

  • Freebsd 4.9

  • Freebsd 5.0

  • Freebsd 5.1

  • Freebsd 5.2

  • Freebsd 5.2.1

  • Freebsd 5.3

  • Freebsd 5.4

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux 4.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Enterprise Linux Desktop 4.0

  • Redhat Fedora Core Core 3.0

  • Sco Openserver 5.0.7

  • Sco Unixware 7.1.3

  • Sco Unixware 7.1.3 Up

  • Sco Unixware 7.1.4

  • Sun Solaris 10.0

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0

  • Ubuntu Linux 4.1

  • Ubuntu Linux 5.04


References

CERT-VN - VU#911878

BID - 12724

SECTRACK - 1013967

VUPEN - ADV-2005-3002

VUPEN - ADV-2005-0540

REDHAT - RHSA-2005:800

REDHAT - RHSA-2005:476

MISC - http://www.daemonology.net/papers/htt.pdf

MISC - http://www.daemonology.net/hyperthreading-considered-harmful/

MISC - http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

SUNALERT - 101739

SECUNIA - 18165

SECUNIA - 15348

MLIST - [openbsd-misc] 20050304 Re: FreeBSD hiding security stuff

MLIST - [freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]

MLIST - [freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff

SCO - SCOSA-2005.24


Last Updated: 27 May 2016 10:39:40