Intel Pentium 超线程技术信息泄露漏洞

漏洞信息详情

Intel Pentium 超线程技术信息泄露漏洞

• CNNVD编号：CNNVD-200503-049
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2005-0109
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2005-03-05
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2007-05-11
  
• 厂        商：
  
  ubuntu
• 漏洞来源：
  Discovery is credi…

Intel Pentium及其他处理器平台上运行的FreeBSD及其他操作系统中采用了超线程技术，本地用户可以通过存储区缓存遗漏相关的计时攻击，使用破坏性线程创建隐蔽通道，监视其他线程的执行并获取密钥等敏感信息。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Turbolinux Appliance Server 1.0 Workgroup Edition

Turbolinux openssl-0.9.6m-3.i586.rpm

Turbolinux Appliance Server 1.0 Workgroup Edition

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux openssl-devel-0.9.6m-3.i586.rpm

Turbolinux Appliance Server 1.0 Workgroup Edition

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

MandrakeSoft Linux Mandrake 10.0 AMD64

Mandriva lib64openssl0.9.7-0.9.7c-3.2.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva lib64openssl0.9.7-devel-0.9.7c-3.2.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva lib64openssl0.9.7-static-devel-0.9.7c-3.2.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.7c-3.2.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.7c-3.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Turbolinux Turbolinux Desktop 10.0

Turbolinux openssl-0.9.7d-4.i586.rpm

Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/openssl-0.9.7d-4.i586.rpm

Turbolinux openssl-compat-0.9.6m-7.i586.rpm

Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/openssl-compat-0.9.6m-7.i586.rpm

Turbolinux openssl-devel-0.9.7d-4.i586.rpm

Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/openssl-devel-0.9.7d-4.i586.rpm

MandrakeSoft Linux Mandrake 10.1 x86_64

Mandriva lib64openssl0.9.7-0.9.7d-1.2.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva lib64openssl0.9.7-devel-0.9.7d-1.2.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva lib64openssl0.9.7-static-devel-0.9.7d-1.2.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.7d-1.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.7d-1.2.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 2.1 x86_64

Mandriva libopenssl0-0.9.6i-1.9.C21mdk.x86_64.rpm

Corporate Server 2.1/X86_64:

http://www.mandriva.com/en/download

Mandriva libopenssl0-devel-0.9.6i-1.9.C21mdk.x86_64.rpm

Corporate Server 2.1/X86_64:

http://www.mandriva.com/en/download

Mandriva libopenssl0-static-devel-0.9.6i-1.9.C21mdk.x86_64.rpm

Corporate Server 2.1/X86_64:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.6i-1.9.C21mdk.src.rpm

Corporate Server 2.1/X86_64:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.6i-1.9.C21mdk.x86_64.rpm

Corporate Server 2.1/X86_64:

http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 2.1

Mandriva libopenssl0-0.9.6i-1.9.C21mdk.i586.rpm

Corporate Server 2.1:

http://www.mandriva.com/en/download

Mandriva libopenssl0-devel-0.9.6i-1.9.C21mdk.i586.rpm

Corporate Server 2.1:

http://www.mandriva.com/en/download

Mandriva libopenssl0-static-devel-0.9.6i-1.9.C21mdk.i586.rpm

Corporate Server 2.1:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.6i-1.9.C21mdk.i586.rpm

Corporate Server 2.1:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.6i-1.9.C21mdk.src.rpm

Corporate Server 2.1:

http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 3.0

Mandriva libopenssl0.9.7-0.9.7c-3.2.C30mdk.i586.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva libopenssl0.9.7-devel-0.9.7c-3.2.C30mdk.i586.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva libopenssl0.9.7-static-devel-0.9.7c-3.2.C30mdk.i586.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.7c-3.2.C30mdk.i586.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva openssl-0.9.7c-3.2.C30mdk.src.rpm

Corporate 3.

来源: US-CERT

名称: VU#911878

链接:http://www.kb.cert.org/vuls/id/911878

来源: BID

名称: 12724

链接:http://www.securityfocus.com/bid/12724

来源: VUPEN

名称: ADV-2005-0540

链接:http://www.frsirt.com/english/advisories/2005/0540

来源: SECTRACK

名称: 1013967

链接:http://securitytracker.com/id?1013967

来源: REDHAT

名称: RHSA-2005:800

链接:http://www.redhat.com/support/errata/RHSA-2005-800.html

来源: REDHAT

名称: RHSA-2005:476

链接:http://www.redhat.com/support/errata/RHSA-2005-476.html

来源: VUPEN

名称: ADV-2005-3002

链接:http://www.frsirt.com/english/advisories/2005/3002

来源: MISC

链接:http://www.daemonology.net/papers/htt.pdf

来源: MISC

链接:http://www.daemonology.net/hyperthreading-considered-harmful/

来源: MISC

链接:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

来源: SUNALERT

名称: 101739

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1

来源: SECUNIA

名称: 18165

链接:http://secunia.com/advisories/18165

来源: SECUNIA

名称: 15348

链接:http://secunia.com/advisories/15348

来源: MLIST

名称: [openbsd-misc] 20050304 Re: FreeBSD hiding security stuff

链接:http://marc.theaimsgroup.com/?l=openbsd-misc&m=110995101417256&w=2

来源: MLIST

名称: [freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]

链接:http://marc.theaimsgroup.com/?l=freebsd-security&m=110994370429609&w=2

来源: MLIST

名称: [freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff

链接:http://marc.theaimsgroup.com/?l=freebsd-hackers&m=110994026421858&w=2

来源: SCO

名称: SCOSA-2005.24

链接:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt