refabrands.blogg.se

Spectre meltdown

Nobody can use a Granicus application to run their own code, so there’s no risk of anyone stealing data from memory.


Although we don’t manage the hardware in this situation, it follows the same concept as the Software as a Service (SaaS) description above.


In some cases, Granicus software may be installed in your data center.

What does it mean for me – On-Premise solutions

It’s also important to note that Amazon and Microsoft both upgraded their systems to prevent Spectre and Meltdown before they were publicly announced, so workloads running on both of those cloud providers are also protected.


That means we don’t have to worry about someone outside of Granicus running code on the same physical hardware as we are. While many organizations use cloud providers like Amazon AWS and Microsoft Azure to host their servers, Granicus owns and manages most of its own hardware. Only employees that have a business need are given access to the infrastructure, so there’s no way for a bad guy to try stealing data from memory. This means you access the application remotely and have no ability to execute code on our servers. Granicus’ solutions are offered as Software as a Service (SaaS).

What does it mean for me – Software as a Service (SaaS) solutions

Meltdown (CVE-2017-5754) is a technique that allows a user process to read kernel memory. For a good real-world analogy of the vulnerability, this thread on Twitter does a good job of explaining how the vulnerability works. In essence, the malicious process tries to intercept the memory locations before the CPU transparently rolls back the non-used memory. Spectre (CVE-2017-5753 and CVE-2017-5715), also known as “bounds check bypass” and “branch target injection”, are two different techniques that exploit the fact that the CPU is guessing what you want to do. If it turns out it’s not needed, it transparently rolls back. The feature basically guesses what execution path the process is going to use and executes the branch before it’s asked for. There are two hardware bugs that were announced this week, and both take advantage of a CPU feature called “speculative execution,” used to increase performance by predicting what data you’re going to use.


Technical Details

First, a technical primer, and if you don’t care about the details and only want to know how you’re impacted, feel free to jump down to the next section. Exploiting the vulnerability requires that an attacker execute code directly on the computer, something that can’t be done remotely.


The first thing to keep in mind is that, although receiving a lot of media attention, these vulnerabilities are not the death of computing as we know it. I want to take a few minutes to explain these two issues and tell you what Granicus is doing to protect the data you entrust to us. These bugs have scary-sounding names: Spectre and Meltdown.

Running kernel: 2.6.32-696.23.1.el6.

You’ve undoubtedly heard about the hardware bugs that potentially impact nearly every computing device made in the last 20 years.

Script displays that my system is fully mitigated with kernel 2.6.32-696.20.1.el6.x86_64 but vulnerable with newer kernel 2.6.32-696.23.1.el6.x86_64? (VMware with fixed BIOS and ESX)

Is mounting debugfs on a production system a bad idea?

PTI: Not disabled on kernel commandline
IBPB: Not disabled on kernel commandline
CVE-2017-5754 - speculative execution permission faults handling
IBRS: Not disabled on kernel commandline


Running kernel: 2.6.32-696.18.7.el6.x86_64
CVE-2017-5753 - speculative execution bounds-check bypass
CVE-2017-5715 - speculative execution branch target injection
Result may be inaccurate for other RPM based systems.
Red Hat Enterprise Linux systems and kernel packages.
This script is primarily designed to detect Spectre / Meltdown on supported

~]$ sudo mount -t debugfs nodev /sys/kernel/debug

Thanks - yes with debugfs mounted, I get that Variant 3 is Mitigated.









