http://www.fcw.com/article94010-04-10-06-Print
this is ten days old and I am kind of surprised that no one else grabbed it
Looks like Opterons are starting to look alot better for Servers.

http://www.fcw.com/article94010-04-10-06-Print
this is ten days old and I am kind of surprised that no one else grabbed it
Looks like Opterons are starting to look alot better for Servers.


"...Every computer that runs on x86 chip architecture may be vulnerable to this attack..."

Im wondering if this is theory, or proven.

Nobody has grabbed it because it is total B/S....

It doesn't work on Windows, but it does work on every x86 CPU including the Opteron etc.

However the bug isn't really a bug in the CPU, the CPU is just doing what it is supposed to be doing. The bug is in most Unix based operating systems, however the term "It isn't a bug, its a feature" comes to mind.

What it does:

When you allready have access to the main memory (aka you are root) you can access the SMR (system management RAM) which normally contains a loop in which the CPU is instructed to do nothing. Then by tricking the CPU in thinking it's overheating it will automatically go into SMM (system management mode) and thus execute everything in the SMR.

In this manner you could place an exploit into the SMR and trick the CPU into running the exploit, therefor you can get higher then root access to the machine. This can even be done remotely, this has been demonstrated.

However, the SMM feature is clearly documented, the bug is in the operating system for 1 allowing access to the SMR (which isn't possible under Windows) and for 2 allowing the CPU to be fooled into SMM (which is less important since you shouldn't have access to the SMR and there are other ways of overheating the CPU and this tricking SMM).

So a lot of smoke about nothing, an exploit for which you need root access.. what would a hacker want if he's allready root?

Nobody has grabbed it because it is total B/S....

It doesn't work on Windows, but it does work on every x86 CPU including the Opteron etc.

However the bug isn't really a bug in the CPU, the CPU is just doing what it is supposed to be doing. The bug is in most Unix based operating systems, however the term "It isn't a bug, its a feature" comes to mind.

What it does:

When you allready have access to the main memory (aka you are root) you can access the SMR (system management RAM) which normally contains a loop in which the CPU is instructed to do nothing. Then by tricking the CPU in thinking it's overheating it will automatically go into SMM (system management mode) and thus execute everything in the SMR.

In this manner you could place an exploit into the SMR and trick the CPU into running the exploit, therefor you can get higher then root access to the machine. This can even be done remotely, this has been demonstrated.

However, the SMM feature is clearly documented, the bug is in the operating system for 1 allowing access to the SMR (which isn't possible under Windows) and for 2 allowing the CPU to be fooled into SMM (which is less important since you shouldn't have access to the SMR and there are other ways of overheating the CPU and this tricking SMM).

So a lot of smoke about nothing, an exploit for which you need root access.. what would a hacker want if he's allready root?


Umm yah wut he said!!

Nobody has grabbed it because it is total B/S....
Agreed