Intel Cache Poisoning Bug Could Be Troublesome for Linux Xen Environments
Written by Adam Barlam on April 23rd, 2009 to IT NewsSlashdot recently reporting that “A researcher recently released proof-of-concept code for an exploit that allows a hacker to overrun an Intel CPU cache and plant a rootkit. A second, independent researcher has examined the exploit and noted that it is so simple and so stealthy that it is likely out in the wild now, unbeknownst to its victims. The attack works best on a Linux system with an Intel DQ35 motherboard with 2GB of memory. It turns out that Linux allows the root user to access MTR registers incredibly easily. With Windows this exploit can be used, but requires much more work and skill and so while the Linux exploit code is readily available now, no Windows exploit code has, so far, been released or seen. This attack is hardware specific, but unfortunately, it is specific to Intel’s popular DQ35 motherboards.”
This news could be troublesome for web hosting environments where virtual machine technology is often employed. A VPS “root” user could exploit the system and obtain root access over many systems and compromise them all. We will have to keep a close eye on this one!
![[Bloglines]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/bloglines.png)
![[del.icio.us]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/delicious.png)
![[Digg]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/digg.png)
![[Facebook]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/facebook.png)
![[Furl]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/furl.png)
![[Google]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/google.png)
![[MySpace]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/myspace.png)
![[Reddit]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/reddit.png)
![[Slashdot]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/slashdot.png)
![[StumbleUpon]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/stumbleupon.png)
![[Technorati]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/technorati.png)
![[Email]](http://www.barlamenterprises.com/articles/wp-content/plugins/bookmarkify/email.png)
