PeterNic
03-19-2009, 09:27 PM
The Invisible Things Lab posted today a new report on an Intel Xeon CPU vulnerability that affects servers using these processors.
The attack works by using cache poisoning to execute malware-injected code in the System Management Mode (SMM) memory known as SMRAM.
The vulnerability is disclosed at:
http://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf
We take all security issues seriously and we're analyzing whether this vulnerability affects systems running AppLogic.
On a first read, this attack is possible only against servers where the logged-in root user has access to the physical server (either a non-virtualized server or the trusted domain of a virtualized server); likely not possible from a guest OS on a virtualized server. Since AppLogic does not allow access to the trusted domain, we expect AppLogic-based systems are not vulnerable to this attack (at least, not without an additional attack vector that provides access to the trusted domain).
We will follow CPU and hardware vendors' updated microcode / BIOS and post more information. If any updates to AppLogic become available, we will post them to the Announcements forum (you can easily subscribe to that forum to receive important updates about AppLogic).
Best regards,
-- Peter