Security Alert: Processors Meltdown!

Security Alert: Processors Meltdown!

January 09, 2018
Hello,

Recently multiple disclosed security vulnerabilities took the Internet by storm. Dubbed "Meldown" and "Spectre", those vulnerabilities seem to affect numerous systems and processors including Intel, AMD, ARM; thus it has the potential to affect PCs, servers, networking equipment, mobile devices and even cloud.
An attacker can exploit those vulnerabilities by running a special code locally on the system which could result in accessing privileged data of another process through unprivileged access level.

Meltdown: Rogue data cache load (CVE-2017-5754)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Spectre Variant 1: Bounds checking bypass (CVE-2017-5753)
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Spectre Variant 2: Branch target injection (CVE-2017-5715)
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Link
Meltdown and Spectre in 3 Minutes

Meltdown in Action: Dumping memory


Below is a list of numerous vendors and links to their articles describing the impact and patching process.
CiscoASR9K, UCS B-Series, UCS C-Series... affected, check KB
F5LTM, ASM, GTM... affected, check KB
Palo Altocheck KB
Junipercheck KB
Riverbedcheck KB
Fortinetcheck KB
Bluecoatcheck KB
Symanteccheck KB
ESETcheck KB
VMwareESXi, Workstation... affected, check KB
Inteli3, i5, i7, Xeon, Atom... affected, check KB
WindowsClient 7, 8.1, 10... affected, check KB
WindowsServer 2008, 2012, 2016... affected, check KB
WindowsSQL 2008, 2012, 2016, 2017... affected, check KB
SynologyDSM 5.2, 6.0, 6.1... affected, check KB
Red HatEnterprise Linux 5, 6, 7, OpenStack... affected, check KB
Ubuntucheck KB
SUSEcheck KB
FirefoxFixed in 57.0.4
ChromeFixed in v64 (to be released January 23)


Cisco IPS signatures that targets those vulnerabilities are:
Signature IDSignature NameReleaseLatest Release Date
8152/0Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/1Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/2Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/3Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018
8152/4Intel CPU Side Channel Analysis Information DisclosureS100501/05/2018

--
Elie Bassil
linkedin.com/in/eliebassil



Next
« Prev Post
Previous
Next Post »

2 comments

Write comments
Subscribe to: Post Comments (Atom)