OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    SCO Security Advisory

Subject: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage
Advisory number: SCOSA-2005.24
Issue date: 2005 May 13
Cross reference: sr893223 fz531468 erg712804 sr893224 fz531469 erg712805 CAN-2005-0109

1. Problem Description

    Hyper-Threading (HT) Technology allows two series of
    instructions to run simultaneously and independently on a
    single Intel(R) Xeon (TM) or HT-enabled Intel Pentium(R) 4
    processor. With Hyper-Threading Technology enabled, the
    system treats a physical processor as two "logical"
    processors. Each logical processor is allocated a thread
    on which to work, as well as a share of execution resources
    such as cache memories, execution units, and buses. 
   
    In Colin Percival's paper "Cache Missing for Fun and Profit", he 
    describes the problem of sharing of caches which could provide a
    high bandwidth covert channel between threads, and could also 
    permit a malicious thread operating with limited privileges 
    to monitor the execution of another thread, allowing 
    in some cases for theft of cryptographic key data.
    
    This issue affects OpenServer 5.0.7 if SMP is installed and any
    Update Pack is applied.  It also affects UnixWare 7.1.4 and 7.1.3 
    if Hyper-Threading is enabled.  (Hyper-Threading is disabled in
    UnixWare by default.) 
   
    The Common Vulnerabilities and Exposures project (cve.mitre.org) 
    has assigned the name CAN-2005-0109 to this issue.
   

2. Vulnerable Supported Versions

    System                  
    ----------------------------------------------------------
    OpenServer 5.0.7 with SMP and any Update Pack installed
    UnixWare 7.1.4 with Hyper-Threading enabled
    UnixWare 7.1.3 with Hyper-Threading enabled
   

3. Solution

    The proper solution is to disable Hyper-Threading, unless you 
    are certain that (1) no authorized users of your system have the 
    ability to run a malicious program, and (2) it is not possible 
    for any unauthorized users to access the system.  
   

4. OpenServer 5.0.7

    4.1 Workaround
   
    SCO OpenServer supports Hyper-Threading Technology via the
    SCO OpenServer Release 5.0.7 Symmetrical Multiprocessing
    (SMP) product. When SMP plus any Update Pack is installed, 
    Hyper-Threading is enabled by default.
   
    To disable Hyper-Threading, update the crllry_hyperthread_enable 
    kernel variable. This variable is defined in the 
    /etc/conf/pack.d/crllry/space.c file. Specify a value of "0" 
    to disable Hyper-Threading. To modify this variable, edit the file, 
    then relink and reboot the kernel.  You can use the "cpuonoff -c"
    command to display the processor status.
   
    See the hyperthread(HW) man page for details.
   

5. UnixWare 7.1.4 / UnixWare 7.1.3

    5.1 Workaround
   
    Hyperthreading is supported on UnixWare 7.1.3 and 7.1.4 when
    the osmp package is installed.  It is disabled by default. 
    If it has been enabled, remove the ENABLE_JT=Y line from 
    /stand/boot to disable it.  Then use the command
   
            shutdown -i6 -g0 -y
   
    to rebuild the kernel and reboot the system.  You can use the 
    psrinfo(1M) command to display the processor status.  
   
    See the ENABLE_JT (Jackson Technology) boot parameter in the 
    boot(4) man page for details.
   

6 Location of this security advisory

    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24 and
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.24

7. References

    Specific references for this advisory:
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109
   
    SCO security resources:
            http://www.sco.com/support/security/index.html
   
    SCO security advisories via email
            http://www.sco.com/support/forums/security.html
   
    This security fix is tracked by SCO incidents sr893223 fz531468
    erg712804 sr893224 fz531469 erg712805.
   

8. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers
    intended to promote secure installation and use of SCO
    products.
   

9. Acknowledgments

    SCO would like to thank Colin Percival.
   

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFChNNhaqoBO7ipriERAqqEAKCMIzQemt+9lNCO3AlLOJMks0EdqgCgn6SW
FedwEAYjiPA/qMKHqBdEVaA=
=9KqS
-----END PGP SIGNATURE-----