FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0109

This CVE name corresponds to:

Entered Topic
2005-05-13 kernel -- information disclosure when using HTT

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-0109 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-0109
Phase Assigned(20050118)

Description

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

References

Source Reference
MISC http://www.daemonology.net/papers/htt.pdf
MISC http://www.daemonology.net/hyperthreading-considered-harmful/
MLIST [openbsd-misc] 20050304 Re: FreeBSD hiding security stuff
MLIST [freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]
MLIST [freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff
MISC http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
FREEBSD FreeBSD-SA-05:09
REDHAT RHSA-2005:476
REDHAT RHSA-2005:800
SCO SCOSA-2005.24
SUNALERT 101739
CERT-VN VU#911878
BID 12724
OVAL oval:org.mitre.oval:def:9747
VUPEN ADV-2005-0540
VUPEN ADV-2005-3002
SECTRACK 1013967
SECUNIA 15348
SECUNIA 18165

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.