[Semibug] OpenBSD vulnerable to Meltdown & Spectre?
BCLUG
admin at bclug.ca
Wed Jun 7 16:58:31 EDT 2023
Jonathan Drews wrote on 2023-06-07 13:48:
> What I am asking here is that in order for Spectre and Meltdown to
> work they have to deliver a malicious payload. That payload is
> inside a Tcp/Ip packet.
>
> ...
>
> Is this a correct assessment?
I don't think it's entirely correct.
The type of vulnerability under discussion isn't a nasty packet, it's a
software routine that is finely tuned to take advantage of hardware
characteristics of specific CPU / RAM combinations.
I really don't think it's something that can be dealt with at the firewall.
Unless my memory & understanding is all wrong (a distinct possibility).
This is one class of vulnerability that I spent zero time being
concerned about.
*If* someone could get this type of exploit to execute on my machine,
*maybe* at best they could derive a password from RAM.
That wouldn't get them a user nor a host which they could use the
password successfully.
Are there any reports of wide-spread attempts with these?
Any reports of successful, non-targeted, non-theoretical exploits?
rb
More information about the Semibug
mailing list