Vulnerabilities > CVE-2005-0109 - Information Disclosure vulnerability in Multiple Vendor Hyper-Threading Technology

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

local

nessus

NVD

Published: 2005-03-05

Updated: 2018-10-16

Summary

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Vulnerable Configurations

Part	Description	Count
OS	Freebsd Freebsd Freebsd 1.1.5.1 Freebsd Freebsd 2.0 Freebsd Freebsd 2.0.5 Freebsd Freebsd 2.1.0 Freebsd Freebsd 2.1.5 Freebsd Freebsd 2.1.6 Freebsd Freebsd 2.1.6.1 Freebsd Freebsd 2.1.7.1 Freebsd Freebsd 2.2 Freebsd Freebsd 2.2.2 Freebsd Freebsd 2.2.3 Freebsd Freebsd 2.2.4 Freebsd Freebsd 2.2.5 Freebsd Freebsd 2.2.6 Freebsd Freebsd 2.2.8 Freebsd Freebsd 3.0 Freebsd Freebsd 3.1 Freebsd Freebsd 3.2 Freebsd Freebsd 3.3 Freebsd Freebsd 3.4 Freebsd Freebsd 3.5 Freebsd Freebsd 3.5.1 Freebsd Freebsd 4.0 Freebsd Freebsd 4.1 Freebsd Freebsd 4.1.1 Freebsd Freebsd 4.2 Freebsd Freebsd 4.3 Freebsd Freebsd 4.4 Freebsd Freebsd 4.5 Freebsd Freebsd 4.6 Freebsd Freebsd 4.6.2 Freebsd Freebsd 4.7 Freebsd Freebsd 4.8 Freebsd Freebsd 4.9 Freebsd Freebsd 4.10 Freebsd Freebsd 4.11 Freebsd Freebsd 5.0 Freebsd Freebsd 5.1 Freebsd Freebsd 5.2 Freebsd Freebsd 5.2.1 Freebsd Freebsd 5.3 Freebsd Freebsd 5.4	92
OS	Redhat Redhat Enterprise Linux 2.1 Redhat Enterprise Linux 3.0 Redhat Enterprise Linux 4.0 Redhat Enterprise Linux Desktop 3.0 Redhat Enterprise Linux Desktop 4.0 Redhat Fedora Core Core_3.0	15
OS	Sco SCO Openserver 5.0.7 SCO Unixware 7.1.3 SCO Unixware 7.1.3_Up SCO Unixware 7.1.4	4
OS	Sun SUN Solaris 7.0 SUN Solaris 8.0 SUN Solaris 9.0 SUN Solaris 10.0	5
OS	Ubuntu Ubuntu Ubuntu Linux 4.1 Ubuntu Ubuntu Linux 5.04	5

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-096.NASL
description	Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache timing and possibly related attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	18434
published	2005-06-08
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18434
title	Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:096. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(18434); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-0109"); script_xref(name:"MDKSA", value:"2005:096"); script_name(english:"Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache timing and possibly related attacks." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl0.9.7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64openssl0.9.7-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0.9.7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0.9.7-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libopenssl0.9.7-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:openssl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64openssl0.9.7-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64openssl0.9.7-devel-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64openssl0.9.7-static-devel-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libopenssl0.9.7-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libopenssl0.9.7-devel-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libopenssl0.9.7-static-devel-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", reference:"openssl-0.9.7c-3.2.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64openssl0.9.7-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64openssl0.9.7-devel-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64openssl0.9.7-static-devel-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libopenssl0.9.7-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libopenssl0.9.7-devel-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libopenssl0.9.7-static-devel-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"openssl-0.9.7d-1.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64openssl0.9.7-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64openssl0.9.7-devel-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64openssl0.9.7-static-devel-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libopenssl0.9.7-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libopenssl0.9.7-devel-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libopenssl0.9.7-static-devel-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"openssl-0.9.7e-5.1.102mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-476.NASL
description	Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Colin Percival reported a cache timing attack that could allow a malicious local user to gain portions of cryptographic keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-0109 to the issue. The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private-key operations. This patch is designed to mitigate cache timing and potentially related attacks. A flaw was found in the way the der_chop script creates temporary files. It is possible that a malicious local user could cause der_chop to overwrite files (CVE-2004-0975). The der_chop script was deprecated and has been removed from these updated packages. Red Hat Enterprise Linux 4 did not ship der_chop and is therefore not vulnerable to this issue. Users are advised to update to these erratum packages which contain patches to correct these issues. Please note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
last seen	2020-06-01
modified	2020-06-02
plugin id	21830
published	2006-07-03
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21830
title	CentOS 3 / 4 : openssl (CESA-2005:476)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-111.NASL
description	Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following have been fixed in the 2.4 kernels : Colin Percival discovered a vulnerability in Intel
last seen	2020-06-01
modified	2020-06-02
plugin id	18599
published	2005-07-01
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18599
title	Mandrake Linux Security Advisory : kernel-2.4 (MDKSA-2005:111)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-800.NASL
description	Updated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a
last seen	2020-06-01
modified	2020-06-02
plugin id	21861
published	2006-07-03
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21861
title	CentOS 3 / 4 : openssl (CESA-2005:800)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-476.NASL
description	Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Colin Percival reported a cache timing attack that could allow a malicious local user to gain portions of cryptographic keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-0109 to the issue. The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private-key operations. This patch is designed to mitigate cache timing and potentially related attacks. A flaw was found in the way the der_chop script creates temporary files. It is possible that a malicious local user could cause der_chop to overwrite files (CVE-2004-0975). The der_chop script was deprecated and has been removed from these updated packages. Red Hat Enterprise Linux 4 did not ship der_chop and is therefore not vulnerable to this issue. Users are advised to update to these erratum packages which contain patches to correct these issues. Please note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
last seen	2020-06-01
modified	2020-06-02
plugin id	18409
published	2005-06-02
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18409
title	RHEL 2.1 / 3 / 4 : openssl (RHSA-2005:476)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-131-1.NASL
description	Colin Percival discovered an information disclosure in the
last seen	2020-06-01
modified	2020-06-02
plugin id	20522
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20522
title	Ubuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-131-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-800.NASL
description	Updated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a
last seen	2020-06-01
modified	2020-06-02
plugin id	20050
published	2005-10-19
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20050
title	RHEL 2.1 / 3 / 4 : openssl (RHSA-2005:800)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-110.NASL
description	Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel : Colin Percival discovered a vulnerability in Intel
last seen	2020-06-01
modified	2020-06-02
plugin id	18598
published	2005-07-01
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18598
title	Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)

Oval

accepted

2013-04-29T04:21:49.525-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9747

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa
id RHSA-2005:476
rhsa
id RHSA-2005:800

rpms

openssl-0:0.9.7a-33.15
openssl-0:0.9.7a-43.2
openssl-debuginfo-0:0.9.7a-33.15
openssl-debuginfo-0:0.9.7a-43.2
openssl-devel-0:0.9.7a-33.15
openssl-devel-0:0.9.7a-43.2
openssl-perl-0:0.9.7a-33.15
openssl-perl-0:0.9.7a-43.2
openssl096b-0:0.9.6b-16.22.3
openssl096b-0:0.9.6b-22.3
openssl096b-debuginfo-0:0.9.6b-16.22.3
openssl096b-debuginfo-0:0.9.6b-22.3
openssl-0:0.9.7a-33.17
openssl-0:0.9.7a-43.4
openssl-debuginfo-0:0.9.7a-33.17
openssl-debuginfo-0:0.9.7a-43.4
openssl-devel-0:0.9.7a-33.17
openssl-devel-0:0.9.7a-43.4
openssl-perl-0:0.9.7a-33.17
openssl-perl-0:0.9.7a-43.4
openssl096b-0:0.9.6b-16.22.4
openssl096b-0:0.9.6b-22.4
openssl096b-debuginfo-0:0.9.6b-16.22.4
openssl096b-debuginfo-0:0.9.6b-22.4

Statements

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Statements

References