Advisory: Intel Spectre and Meltdown

Publication Date: 10th Jan 2018
Last Updated: 19th Jan 2018
Version 1.04: Interim

Description

On 3rd January 2018, 3 vulnerabilities were disclosed for Intel microprocessors that could allow an attacker who has local access to a server to read privileged information belonging to other processes or the operating system by installing and executing a malicious unprivileged process.

The vulnerabilities CVE-2017-5753 and CVE-2017-5715 are known as Spectre, and the vulnerability CVE-2017-5754 is known as Meltdown. They are variant attack vectors for accessing information in the microprocessor data cache.

All of the above vulnerabilities require the same compulsory conditions to exploit the information leak. They require the attacker to be able to:

  1. Gain local access to the equipment. There is no known remote exploit.
  2. Be aware of the underlying OS and microprocessors.
  3. Install specially crafted code for the underlying OS and hardware platform.
  4. Execute the crafted code with the required user privileges. For certain microcode attack vectors, this may require the attacker to have root privileges.

Impact

ANTlabs appliance product family

ANTlabs appliance-based products (gateway, AAA and DDI) are closed systems with hardened security for local access. Although the underlying microprocessor and operating system combination may have these vulnerabilities, the controlled local access does not allow execution of any 3rd party code, so these products are not vulnerable to such attacks.

In addition, ANTlabs AAA and DDI appliance products do not allow any new files (including code) to be uploaded to the appliance. This prevents even product administrators with valid login credentials from installing any code.

Certain ANTlabs gateway products allow the administrator to upload custom web login pages to a controlled file repository. These custom files are not directly executable, nor can they be invoked via the embedded web server due to the hardened web service configuration.

ANTlabs Cloud Services

ANTlabs Cloud Services (ACS) is deployed on Amazon AWS EC2 instances.

Statement from Amazon

“All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed. Customers’ instances are protected against these threats from other instances. We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads.”

Refer to this URL for more details: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/

The ACS operating system is protected because ACS instances are closed systems with hardened security for local access, which does not allow execution of 3rd party code.

ANTlabs virtualized product family

ANTlabs products deployed in 3rd party private virtualized environments could be vulnerable due to the underlying host environment operating system and hardware platform if the host environment allows malicious code to be executed on the host or other 3rd party virtualized guest environments.

Status

As a proactive measure to further harden ANTlabs gateway appliances against future unknown attack vectors in the ANTlabs embedded web service, a patch will be released in Feb 2018 to prevent binary execution in the custom web pages file repository via the kernel process execution controls, in addition to the existing web service security controls.

Affected products are: ANTlabs Tru’Auth AAA, Tru’IP DDI and ACS deployed in 3rd party virtualized environments.

Recommended Action

ANTlabs gateway appliance

Verify that no binary code has been uploaded to the /login shell directory of ANTlabs SSG3, SSG4, SG4, IG3, IG4, and SG4 gateway products.

For EVI2200, EVI2300, HG3 and HG4, no checks are required.
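
One way to carry out the upload-repository check for the gateway products listed above, as an added example that is not ANTlabs code. It assumes shell access to the repository (or to a copy of it) and takes the directory path as an argument; the function names classify and scan_uploads are hypothetical.

```shell
#!/bin/sh
# Added example (not ANTlabs code): flag files in an upload repository that
# look executable. The directory is passed as an argument; its real location
# on a given appliance is an assumption left to the operator.
# Limitation: file names containing newlines are not handled.

# classify FILE -> prints elf | script | execbit | ok
classify() {
    # First four bytes as hex; empty for unreadable or empty files.
    magic=$( { head -c 4 <"$1"; } 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $magic in
        7f454c46) echo elf; return ;;      # ELF header: native binary
        2321*)    echo script; return ;;   # "#!" line: interpreted script
    esac
    if [ -x "$1" ]; then echo execbit; return; fi   # execute permission set
    echo ok
}

# scan_uploads DIR -> prints "REASON<TAB>PATH" per suspicious file.
# Returns 0 if nothing was flagged, 1 if something was, 2 on error.
scan_uploads() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    list=$(mktemp) || return 2
    # Regular files and symlinks; symlinks are reported without being followed.
    find "$1" \( -type f -o -type l \) -print >"$list"
    flagged=0
    while IFS= read -r path; do
        if [ -L "$path" ]; then verdict=symlink; else verdict=$(classify "$path"); fi
        [ "$verdict" = ok ] && continue
        printf '%s\t%s\n' "$verdict" "$path"
        flagged=1
    done <"$list"
    rm -f "$list"
    return "$flagged"
}

# Stand-alone use: sh scan_uploads.sh /path/to/repository
if [ -n "${1:-}" ]; then scan_uploads "$1"; exit $?; fi
```

A file extension is not evidence of content, so the check reads the header bytes and the permission bits rather than trusting names such as .png or .css.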

ANTlabs Cloud Services

No actions required.

ANTlabs virtualized products

If the hosting environment is vulnerable, security patches should be applied, and local user access security should be hardened. If no such patches are available, avoid hosting 3rd party guest environments on the same hardware platform as ANTlabs virtualized products.

For any issues, please contact our support at tech-support@antlabs.com.

References

https://googleprojectzero.blogspot.sg/2018/01/reading-privileged-memory-with-side.html