*BSD中文用户社区

原文链接 http://www.open-open.com/news/view/fa6d58

作者 openkk 2012-06-16 14:08:45

美国计算机应急预备小组本周发布了一份安全报告， 一些 64 位操作系统和虚拟化软件程序在 Intel 处理器上运行时，容易受到本地特权扩大攻击（ local privilege escalation）。该漏洞可能被利用来获取本地特权扩大或是 guest-to-host 虚拟机逃逸（virtual machine escape）。

这一漏洞（CVE-2012-0217）源于 Intel 处理器在 x86-64扩展（也就是 Intel 64）中执行 SYSRET 指令集的方式，仅仅影响 Intel 处理器上的 Intel 64 扩展使用，32位操作系统或虚拟化软件不受影响。

受影响的操作系统包括：64位 Windows 7、Windows Server 2008 R2、64位 FreeBSD 和 NetBSD、Xen 虚拟化软件、红帽企业 Linux、SUSE Linux Enterprise Server。

VMware 安全团队表示，VMware 的管理程序不使用 SYSRET 指令集，因此，VMWare 不受此漏洞影响。


--------------------------得意的分割线-------------------------
虽然是本月中旬的旧闻了，但这充分说明俺选择OpenBSD、弃用x86架构的准确英明以及高瞻远瞩:D

http://marc.info/?t=133957103700004&r=1&w=2

On Wed, Jun 13, 2012 at 12:54 AM, Philip Guenther <[email protected]> wrote:
> On Tuesday, June 12, 2012, bj.perso wrote:
>>
>> FreeBSD and NetBSD seem affected, how about OpenBSD ?
>
> Nope. The necessary check(s) for setting bogus return addresses has been
in
> place since, uh, 2004. Ditto for always returning from signal handlers
> using iretq instead of sysretq.

To correct and clarify: while the "bogus return address" checks date
back to 2004, the return from signal handler path wasn't *forced* to
use iretq until OpenBSD 5.0. Previous versions used iretq normally,
but manually written code could force it to use sysretq and trigger
this issue.

(Thank you to Rafal Wojtczuk for the original discussion and for
catching my misleading note above.)


So, if you're still running amd64 OpenBSD 4.9 or earlier on Intel
hardware, you need to upgrade.

(Thanks, Intel, for screwing this up.)


Philip Guenther