Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00036
HistoryMar 31, 2014 - 12:00 a.m.

Intel® Manycore Platform Software Stack Privilege Escalation

2014-03-3100:00:00
Intel Security Center
www.intel.com
6
JSON

Summary:

A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack (Intel® MPSS) was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an Intel® Xeon Phi™ coprocessor.

Description:

A previously undisclosed vulnerability in the Intel® Manycore Platform Software Stack (Intel® MPSS) was discovered during internal testing. The vulnerability could allow elevation of privilege under certain circumstances if an attacker has a valid account on a host that contains an Intel® Xeon Phi™ coprocessor. The security update addresses the vulnerability by correcting how SSH key files processed by micctrl are validated.

The vulnerability is not affected by the Linux* OS version on the host. Intel recommends updating to 2.1.6720-23 or 3.1.4-1 for all supported versions of the Linux* host OS, RHEL 6.0, RHEL 6.1, RHEL 6.2, RHEL 6.3, RHEL 6.4, RHEL 6.5, SUSE 11.1, SUSE 11.2, SUSE 11.3. Intel® MPSS for Microsoft* Windows* is not subject to this vulnerability and thus no updates will be provided for these versions of the Intel® MPSS.

Intel’s processors are functioning within specification; this is a software implementation issue.

JSON