CVE-2005-0109

Severity

47%

Complexity

34%

Confidentiality

115%

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

CVSS 3.0 Base Score 5.6. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N).

CVSS 2.0 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N).

Overview

First reported 19 years ago

2005-03-05 05:00:00

Last updated 6 years ago

2018-10-16 12:06:00

Affected Software

FreeBSD 1.1.5.1

1.1.5.1

FreeBSD 2.0

2.0

FreeBSD 2.0.5

2.0.5

FreeBSD 2.1.0

2.1.0

FreeBSD 2.1.5

2.1.5

FreeBSD 2.1.6

2.1.6

FreeBSD 2.1.6.1

2.1.6.1

FreeBSD 2.1.7.1

2.1.7.1

FreeBSD 2.2

2.2

FreeBSD 2.2.2

2.2.2

FreeBSD 2.2.3

2.2.3

FreeBSD 2.2.4

2.2.4

FreeBSD 2.2.5

2.2.5

FreeBSD 2.2.6

2.2.6

FreeBSD 2.2.8

2.2.8

FreeBSD 3.0

3.0

FreeBSD 3.1

3.1

FreeBSD 3.2

3.2

FreeBSD 3.3

3.3

FreeBSD 3.4

3.4

FreeBSD 3.5

3.5

FreeBSD 3.5.1

3.5.1

FreeBSD 4.0

4.0

FreeBSD 4.1

4.1

FreeBSD 4.1.1

4.1.1

FreeBSD 4.2

4.2

FreeBSD 4.3

4.3

FreeBSD 4.4

4.4

FreeBSD 4.5

4.5

FreeBSD 4.6

4.6

FreeBSD 4.6.2

4.6.2

FreeBSD 4.7

4.7

FreeBSD 4.8

4.8

FreeBSD 4.9

4.9

FreeBSD 4.10

4.10

FreeBSD 5.0

5.0

FreeBSD 5.1

5.1

FreeBSD 5.2

5.2

FreeBSD 5.3

5.3

Red Hat Desktop 3.0

3.0

Red Hat Desktop 4.0

4.0

References

SCOSA-2005.24

Third Party Advisory

[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff

Mailing List

[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]

Mailing List

[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff

Mailing List

15348

Permissions Required

18165

Permissions Required

1013967

Patch, Third Party Advisory, VDB Entry, Vendor Advisory

101739

Vendor Advisory

http://www.daemonology.net/hyperthreading-considered-harmful/

Third Party Advisory

http://www.daemonology.net/papers/htt.pdf

Third Party Advisory

VU#911878

Third Party Advisory, US Government Resource

RHSA-2005:476

Not Applicable

RHSA-2005:800

Not Applicable

12724

Patch, Third Party Advisory, VDB Entry, Vendor Advisory

ADV-2005-0540

Permissions Required

ADV-2005-3002

Permissions Required

http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

Broken Link

oval:org.mitre.oval:def:9747

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.