Announcement

Collapse
No announcement yet.

Kaspersky claims remote DoS against all Intel chips

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Kaspersky claims remote DoS against all Intel chips

    http://conference.hitb.org/hitbsecco...l/?page_id=214

    From the abstract:

    According to the Intel Specification Updates, Intel Core 2 has 128 confirmed bugs. Intel Itanium (designed for critical systems) looks more “promising”, carrying over 230 bugs. They have all been confirmed by Intel and described in errata section of their specification updates. Some bugs “just” crash the system (under quite rare conditions) while the others give the attackers full control over the machine. In other words, Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running.
    Sounds pretty nuts...

    Edit: yeah, sounds worse than a DoS, he's claiming "full control over the machine"
    Last edited by bascule; July 15, 2008, 01:05.
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Kaspersky claims remote DoS against all Intel chips

    Color me completely unsurprised.

    To bugfix patch a chip, do you have to drive to the user's house and replace it for them?
    " 'Yields falsehood when preceded by its quotation' yields falsehood when preceded by its quotation."
    - Willard Orman Van Quine

    Comment


    • #3
      Re: Kaspersky claims remote DoS against all Intel chips

      In other words, Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks which works against any OS regardless of the patches applied or the applications which are running.
      I wouldn't quite say that. The fact of the matter is that in order to trigger these errata (unless this is something new that I've never heard of, in which case my brain just melted), you need to execute code on the machine. Hardly a remote code execution exploit if you're already executing code to do it, isn't it? I can think of much easier ways to lock up a machine, too (that aren't CPU-dependent).

      Now where the closest thing to danger comes in is on the couple of odd errata that I've seen that break the CPUs own internal protections - usually the thermal protection. Could make for some interesting targeted attacks against certain servers. Break the CPU thermal protection, shut down the cooling fans in the "management suite" and wait for the smoke.


      Oh, and AMD has similar errata lists.

      Comment


      • #4
        Re: Kaspersky claims remote DoS against all Intel chips

        Originally posted by Wing View Post
        you need to execute code on the machine. Hardly a remote code execution exploit if you're already executing code to do it, isn't it?
        You need to make the CPU execute instruction sequences that trigger the errata.

        Kaspersky seems to be talking about doing this with things like a carefully crafted storm of TCP packets.
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
        45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
        [ redacted ]

        Comment


        • #5
          Re: Kaspersky claims remote DoS against all Intel chips

          The best metaphor I can think of is the out of band attack on port 139 but targeting the processor itself vs a Windows service. I'd have to see the presentation for more details but that's the first that came to mind at least.
          " 'Yields falsehood when preceded by its quotation' yields falsehood when preceded by its quotation."
          - Willard Orman Van Quine

          Comment


          • #6
            Re: Kaspersky claims remote DoS against all Intel chips

            Originally posted by moleprince View Post
            The best metaphor I can think of is the out of band attack on port 139 but targeting the processor itself vs a Windows service. I'd have to see the presentation for more details but that's the first that came to mind at least.
            I hate to throw a semantic flag on the FUD play here but, let's see some *specific* citations. With _all_due_respect_ to Kaspersky, I'm not going to go look this up, I'd just like to hear more detail on whatever y'all are going on about.

            The CPU doesn't execute instructions directly off the TCP stack. You need to sit with a diagram of the OSI layers and a cup of cocoa and calm down.

            There's a major difference between a chipset and a CPU and then you start pulling thermal failures as if that is going to suddenly make a CPU execute a TCP instruction directly off the stack. It won't.

            What we need here, my brothas, is some direct citations from the authorities and another round of motivation from the good bartender to keep us on the path of righteousness, for we are fighting the good fight.

            *cough*

            Can I get an AMEN!

            Oh, wait, I thought it was Sunday.... Is it still 6 days to con? It's the thought that counts....
            That's my story and I'm sticking to it.

            Comment


            • #7
              Re: Kaspersky claims remote DoS against all Intel chips

              Originally posted by moleprince View Post
              Color me completely unsurprised.

              To bugfix patch a chip, do you have to drive to the user's house and replace it for them?
              Not sure if you're joking or not, but for the edification of others:
              You can load microcode changes to the processor during it's initialization. Fixes are distributed in BIOS updates and are volatile.

              That wasn't always the case, mind you. I'm pretty sure it started in the x86 architecture after the Pentium chips with the floating point bug were released.

              Comment


              • #8
                Re: Kaspersky claims remote DoS against all Intel chips

                Originally posted by ndex View Post
                I hate to throw a semantic flag on the FUD play here but, let's see some *specific* citations. With _all_due_respect_ to Kaspersky, I'm not going to go look this up, I'd just like to hear more detail on whatever y'all are going on about.

                The CPU doesn't execute instructions directly off the TCP stack. You need to sit with a diagram of the OSI layers and a cup of cocoa and calm down.

                There's a major difference between a chipset and a CPU and then you start pulling thermal failures as if that is going to suddenly make a CPU execute a TCP instruction directly off the stack. It won't.

                What we need here, my brothas, is some direct citations from the authorities and another round of motivation from the good bartender to keep us on the path of righteousness, for we are fighting the good fight.

                *cough*

                Can I get an AMEN!

                Oh, wait, I thought it was Sunday.... Is it still 6 days to con? It's the thought that counts....

                I agree completely. I'm looking forward to hearing the details, because the release doesn't seem to quite add up. I was just throwing out an example of how a remote exploit doesn't necessarily have to include custom code on the victim machine being executed.
                " 'Yields falsehood when preceded by its quotation' yields falsehood when preceded by its quotation."
                - Willard Orman Van Quine

                Comment

                Working...
                X