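[Security][Linux/BSD] Has your CPU been KO'd by CVE vulnerabilities?---CPU vulnerability detection (a demon-revealing mirror for CPUs)

【Subject】Has your CPU been KO'd by vulnerabilities?

This detection method was originally released in 2018, but its last update date is January 2019.

The Linux kernel started patching in August after the Google Zero Team disclosure, but the patching was only provisionally finished with 4.20 in January.
Reason: variant vulnerabilities (the NG version, the Net version) kept popping up.
Finding out whether a Linux/BSD server is vulnerable is quite simple: an expert on the net wrote a quick detection script
and published it on GitHub for everyone to use. It runs a whole-system check specifically against the vulnerabilities published as CVEs: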


CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'

#Supported platforms=============================
├──Linux (all versions, flavors and distros)
├──BSD (FreeBSD, NetBSD, DragonFlyBSD)

#Supported architectures=============================
  ├──x86 (32 bits)
  ├──amd64/x86_64 (64 bits)
  ├──ARM and ARM64
  ├──other architectures will work, but mitigations (if they exist) might not always be detected

#=====Download (pick one of the two)====================================
$ curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
$ wget https://meltdown.ovh -O spectre-meltdown-checker.sh

#=====View the script==================
$ cat spectre-meltdown-checker.sh

#=====When ready, run it with sudo (root privileges)=======
$ chmod +x spectre-meltdown-checker.sh
$ sudo ./spectre-meltdown-checker.sh

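The original author very thoughtfully provides a how-to-fix method.

Just add the --explain parameter to the script above:
sudo ./spectre-meltdown-checker.sh --explain

The three lines above, done in one line!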
sudo sh ./spectre-meltdown-checker.sh --explain

#=====[Running the script in a Docker container]==================
With docker-compose
docker-compose build
docker-compose run --rm spectre-meltdown-checker

Without docker-compose
docker build -t spectre-meltdown-checker .
docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker


Script output examples:
Intel Haswell CPU running under Ubuntu 16.04 LTS
https://camo.githubusercontent.com/b137db7da1f6bb75128dc4419424f35e99966052/68747470733a2f2f6672616d617069632e6f72672f316b576d4e7745366c6c30702f6179545258394a526c484a372e706e67

AMD Ryzen running under OpenSUSE Tumbleweed
https://camo.githubusercontent.com/4db02548a61d56a3d94c42ce6281b7a98794b8d9/68747470733a2f2f6672616d617069632e6f72672f546b576275683432315951522f364d41475550336c4c364e652e706e67

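Using Linux 4.18.0-2-amd64 #1 SMP Debian 4.18.10-2 (2018-10-07) x86_64;
updating to Debian 4.19.20-1 (2019-02-11) x86_64 GNU/Linux still did not solve the problem.
=> dodged five, hit by three (8 in total) - (do I really have to update to 4.20?)
Time to start looking for an alternative patching route again.

Quick summary of the CVEs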
CVE-2017-5753 bounds check bypass (Spectre Variant 1)
  • Impact: Kernel & all software
  • Mitigation: recompile software and kernel with a modified compiler that introduces the LFENCE opcode at the proper positions in the resulting code
  • Performance impact of the mitigation: negligible

CVE-2017-5715 branch target injection (Spectre Variant 2)
  • Impact: Kernel
  • Mitigation 1: new opcode via microcode update that should be used by up to date compilers to protect the BTB (by flushing indirect branch predictors)
  • Mitigation 2: introducing "retpoline" into compilers, and recompile software/OS with it
  • Performance impact of the mitigation: high for mitigation 1, medium for mitigation 2, depending on your CPU

CVE-2017-5754 rogue data cache load (Meltdown)
  • Impact: Kernel
  • Mitigation: updated kernel (with PTI/KPTI patches), updating the kernel is enough
  • Performance impact of the mitigation: low to medium

CVE-2018-3640 rogue system register read (Variant 3a)
  • Impact: TBC
  • Mitigation: microcode update only
  • Performance impact of the mitigation: negligible

CVE-2018-3639 speculative store bypass (Variant 4)
  • Impact: software using JIT (no known exploitation against kernel)
  • Mitigation: microcode update + kernel update making it possible for affected software to protect itself
  • Performance impact of the mitigation: low to medium

CVE-2018-3615 l1 terminal fault (Foreshadow-NG SGX)
  • Impact: Kernel & all software (any physical memory address in the system)
  • Mitigation: microcode update
  • Performance impact of the mitigation: negligible

CVE-2018-3620 l1 terminal fault (Foreshadow-NG SMM)
  • Impact: Kernel & System management mode
  • Mitigation: updated kernel (with PTE inversion)
  • Performance impact of the mitigation: negligible

CVE-2018-3646 l1 terminal fault (Foreshadow-NG VMM)
  • Impact: Virtualization software and Virtual Machine Monitors
  • Mitigation: disable ept (extended page tables), disable hyper-threading (SMT), or updated kernel (with L1d flush)
  • Performance impact of the mitigation: low to significant

Reference:
https://github.com/speed47/spectre-meltdown-checker

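Whisper from the sidelines: among Intel CPU vulnerabilities (AMD once again claims to be unaffected) there is still one unexploded bomb, TLBleed, which specifically steals keys from the CPU
- it will hit security systems that rely on cryptography (so far no PoC attack technique has demonstrated it, but it is worth watching!)

ps.
If you use PuTTY, you need to change the ANSI Blue values, otherwise the blue background will make you go cross-eyed
Category=>Windows=>Colours===>ANSI Blue: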
Red:60
Green:60
Blue:187

Red and Green values are best kept at 60 or above and 100 or below.
After changing them, remember to go to Category=>Session and Save.
Posted 2019-02-19 10:20
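
As a cross-check on the script's verdicts, the kernel's own per-vulnerability report under /sys/devices/system/cpu/vulnerabilities can be summarized in the same spirit. This is an added example, not part of the original post or of spectre-meltdown-checker; the function names and the sample statuses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): summarize the kernel's own sysfs report.
# Map a sysfs file name to the CVE id(s) listed in the post.
cve_for() {
    case "$1" in
        spectre_v1)        echo "CVE-2017-5753" ;;
        spectre_v2)        echo "CVE-2017-5715" ;;
        meltdown)          echo "CVE-2017-5754" ;;
        spec_store_bypass) echo "CVE-2018-3639" ;;
        l1tf)              echo "CVE-2018-3615/3620/3646" ;;
        *)                 echo "-" ;;
    esac
}

# Print "<state> <name> <cve> <kernel text>" for each entry, then a final
# "vulnerable=N" line counting entries the kernel itself reports as vulnerable.
summarize_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    vulnerable=0
    [ -d "$dir" ] || { echo "no report at $dir (kernel may predate it)" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) state=OK ;;
            Mitigation*)     state=MITIGATED ;;
            Vulnerable*)     state=VULN; vulnerable=$((vulnerable + 1)) ;;
            *)               state=UNKNOWN ;;
        esac
        printf '%-9s %-18s %-24s %s\n' "$state" "$name" "$(cve_for "$name")" "$status"
    done
    echo "vulnerable=$vulnerable"
}

# Constructed sample tree (not real output) so the example runs on any machine.
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Mitigation: Full generic retpoline"      > "$d/spectre_v2"
    echo "Mitigation: PTI"                          > "$d/meltdown"
    echo "Vulnerable"                               > "$d/spec_store_bypass"
    echo "Not affected"                             > "$d/l1tf"
    echo "$d"
}

sample=$(make_sample)
summarize_vulns "$sample"
rm -rf "$sample"
```

Calling `summarize_vulns` with no argument reads the live sysfs directory. 'Variant 3a' (CVE-2018-3640) has no sysfs entry, so it only shows up in the checker script's output.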
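AMD Ryzen running under OpenSUSE Tumbleweed
The link below it cannot be accessed
One box, two boxes, three boxes, four boxes, five boxes (the boss was delighted to hear it and kept hauling them). Boss, I'd like one pack of Chang Chun-Ya five-spice seaweed
河魨 wrote:
AMD Ryzen...(snipped)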


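GitHub probably blocks hotlinking~ so I'll remove the links then!
I already gave the original URL~ just look at it on the official site.......thanks for letting me know XD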

omniplay wrote:
GitHub probably...(snipped)

It doesn't seem to be that either. No idea; when I clicked the first one, the Intel one, I could see it