Linux Cache Poisoning Attacks Easier Than On Windows?


23 April 2009, 11:28

Linux cache poisoning attacks easier than on Windows?

An anonymous security expert on the Microsoft Subnet blog has published sample code for a cache poisoning attack on Linux. The work was based on Joanna Rutkowska's previously announced attack on Intel's System Management Mode, explained in detail in an Invisible Things Lab paper.

The anonymous writer was surprised how easy the attack was and noted the exploit code was neither unusual nor particularly complex. The aim of the attack is to obtain access to the usually well-secured area of memory used by the system management mode through modification of the Memory Type Range Registers (MTRR) and obtain space to place a rootkit, which would allow the attacker to gain control of the hypervisor or operating system. Root privileges are needed to execute the attack.

The published sample code is for a Linux operating system running on an Intel DQ35 motherboard with 2GB of RAM. It appears that the Linux root user is given amazingly easy access to the Memory Type Range Registers. The blogger admits this attack could also be performed in Windows, but that it requires much more effort and know-how.


Source: Heise Security

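The article describes the attack as a root user rewriting the MTRRs so that the SMM region becomes cacheable. From the defender's side, the useful thing to know is what the MTRRs currently say about that region and whether they have changed since boot. The following Python script is an added example for this thread, not code from the Heise article or from the Microsoft Subnet post: it parses the Linux `/proc/mtrr` text format, applies Intel's overlap rules (UC wins over anything, WT wins over WB) to compute the effective memory type of an address range, and diffs two snapshots to report any register that was changed. The SMRAM address range and both snapshots are constructed placeholders; on a real machine the SMRAM/TSEG location must be taken from the chipset's registers, which differ per board.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# One line of /proc/mtrr as printed by the Linux kernel, for example:
#   reg00: base=0x000000000 (    0MB), size= 2048MB, count=1: write-back
MTRR_LINE = re.compile(
    r"^reg(?P<reg>\d+):\s*base=0x(?P<base>[0-9a-fA-F]+)\s*\([^)]*\),\s*"
    r"size=\s*(?P<size>\d+)(?P<unit>[KMG])B,\s*count=(?P<count>\d+):\s*"
    r"(?P<type>[\w-]+)\s*$"
)
UNIT = {"K": 1 << 10, "M": 1 << 20, "G": 1 << 30}


class Mtrr(NamedTuple):
    reg: int
    base: int       # start address in bytes
    size: int       # length in bytes
    count: int
    mem_type: str   # kernel spelling: uncachable, write-back, write-combining, ...

    @property
    def end(self) -> int:
        return self.base + self.size


def parse_proc_mtrr(text: str) -> List[Mtrr]:
    """Parse the contents of /proc/mtrr into a list of Mtrr entries."""
    entries: List[Mtrr] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MTRR_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised /proc/mtrr line: {line!r}")
        entries.append(Mtrr(int(m["reg"]), int(m["base"], 16),
                            int(m["size"]) * UNIT[m["unit"]],
                            int(m["count"]), m["type"]))
    return entries


def effective_type(entries: List[Mtrr], addr: int) -> str:
    """Effective memory type at one address under Intel's variable-MTRR overlap rules."""
    types = {e.mem_type for e in entries if e.base <= addr < e.end}
    if not types:
        return "default"            # falls back to IA32_MTRR_DEF_TYPE, not visible here
    if "uncachable" in types:
        return "uncachable"         # UC overrides every other type
    if types == {"write-through", "write-back"}:
        return "write-through"      # WT overrides WB
    if len(types) == 1:
        return types.pop()
    return "undefined"              # any other overlap is architecturally undefined


def effective_types(entries: List[Mtrr], lo: int, hi: int) -> Set[str]:
    """Set of effective memory types seen anywhere in [lo, hi).

    The type can only change at an MTRR boundary, so sampling lo plus every
    register base/end inside the range covers the whole interval."""
    points = {lo}
    for e in entries:
        for p in (e.base, e.end):
            if lo < p < hi:
                points.add(p)
    return {effective_type(entries, p) for p in points}


def changed_entries(baseline: List[Mtrr], current: List[Mtrr]
                    ) -> List[Tuple[Optional[Mtrr], Optional[Mtrr]]]:
    """Pairs (old, new) for every register that differs between two snapshots."""
    old: Dict[int, Mtrr] = {e.reg: e for e in baseline}
    new: Dict[int, Mtrr] = {e.reg: e for e in current}
    return [(old.get(r), new.get(r)) for r in sorted(old.keys() | new.keys())
            if old.get(r) != new.get(r)]


# Constructed sample snapshots (not captured from a real machine): a 2GB box whose
# firmware left a 16MB region at the top of RAM uncachable, then the same machine
# after that register was flipped to write-back.
BASELINE = """\
reg00: base=0x000000000 (    0MB), size= 2048MB, count=1: write-back
reg01: base=0x07f000000 ( 2032MB), size=   16MB, count=1: uncachable
reg02: base=0x0d0000000 ( 3328MB), size=  256MB, count=1: write-combining
"""
MODIFIED = BASELINE.replace("count=1: uncachable", "count=1: write-back")

# Placeholder SMRAM range for the sample; read the real TSEG/SMRAM base from the
# chipset on an actual system, this value is an assumption for illustration only.
SMRAM_LO, SMRAM_HI = 0x7F000000, 0x80000000


def audit(baseline_text: str, current_text: str, lo: int, hi: int) -> Dict[str, object]:
    """Report the effective type over [lo, hi) now and which registers changed."""
    base, cur = parse_proc_mtrr(baseline_text), parse_proc_mtrr(current_text)
    return {"types_now": effective_types(cur, lo, hi),
            "changed": changed_entries(base, cur)}


if __name__ == "__main__":
    report = audit(BASELINE, MODIFIED, SMRAM_LO, SMRAM_HI)
    print("effective type over placeholder SMRAM range:", sorted(report["types_now"]))
    for old, new in report["changed"]:
        print(f"reg{new.reg if new else old.reg:02d} changed: {old} -> {new}")
```

On a live system the baseline would be captured once at boot (for example by a boot-time service that stores `/proc/mtrr` somewhere root cannot quietly rewrite, such as a remote log) and `changed_entries` run periodically; a register flipping from `uncachable` to `write-back` over the SMRAM region is exactly the change the article describes and is worth an alert regardless of which chipset is in use.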

Wow, spreading FUD now. I understand, Peaches, that you are not the author, but come on, this story comes from MS and was shot down last week as not really a security problem. Why?

First you need physical access to the machine. You also need to have the root account on the machine. If you have both of these you do not need to write an exploit; you own the machine.

Also, you need a specific Intel chipset.

This whole 'exploit' is nothing more than: a user with root access can simply write to memory in Linux, while on Windows there is no tool to do so, so this makes it harder?

Just like on a Linux machine, if I am root I can ifconfig eth0:0 and multihome my network card. Windows has no command to do this; only with special drivers can you do it.

So it's not an exploit if you have to be root to do it.


I should say that Peaches is just posting security violations so we can be aware of them, and my comments on FUD are directed towards the MS blogger.
