
Quoting Douglas Ray (dougray@cpan.org):
Firmware remote vulnerability in Intel business products
Forwarding from my local LUG:

Date: Wed, 3 May 2017 23:08:47 -0700
From: Rick Moen <rick@linuxmafia.com>
To: conspire@linuxmafia.com
Subject: Intel Active Management Technology (AMT): not necessarily your friend
Organization: If you lived here, you'd be $HOME already.
X-Mas: Bah humbug.
X-Clacks-Overhead: GNU Terry Pratchett

LWN.net covers the below-cited matter in its usual crystal-clear way. Normally, that would be subscriber-only for another week (because it's an article in this week's Linux Weekly News), but as a subscriber I am allowed to offer y'all a special URL to read this one article:

https://lwn.net/SubscriberLink/721586/7a5e4348f30c07ee/

That having been said, if you can afford to subscribe to LWN and are interested in Linux, you should subscribe. It's a uniquely valuable periodical.

----- Forwarded message from Rick Moen <rick@linuxmafia.com> -----

Date: Wed, 3 May 2017 17:20:42 -0700
From: Rick Moen <rick@linuxmafia.com>
To: svlug@lists.svlug.org
Subject: [svlug] Intel Active Management Technology (AMT): not necessarily your friend

Pitfall inside.

A decade-plus ago, Intel started building embedded control structures deep into its chipsets. One, present in many but not all Intel x86 motherboard chipsets since 2008 starting with 'Nehalem', is the Active Management Technology (AMT) out-of-band network service, intended to permit out-of-band system management on one out of network ports 16992-16995[1] (over ethernet)[2], to remotely reboot, repair, and tweak hosts, and has total control of the host from ring -2, below the level of the normal hardware (ring 0). It's supposed to require an access password, and then provide remote serial console or VNC.

Gosh, what could possibly go wrong? Enter CVE-2017-5689. Um, yes, they messed that up, not counting the entire thing being a bad idea, anyway. (Details are not yet fully released, and it's best to check links such as those I give below, in case I've gotten something wrong or there are new developments.)

AMT is built atop a slightly earlier feature called Management Engine ('ME', introduced with the Core 2 in 2006), and on current systems is said to run on SPARC core circuitry (yes, on your Intel-based motherboard). With some Intel circuitry, there are ways that have been discovered to wipe out the ME, which seems a fabulous idea to me.

On any local system with AMT drivers installed (a root operation), unprivileged local users can also connect to the AMT with full administrative privilege, in addition to the remote risk.

Some Intel systems ship with AMT, others don't. Most that ship with it don't have it turned on by default. But, if yours does, it has a big security problem. (AMT can still be exploited locally even if it's defaulted to shut off, as a local user can switch it on.)

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platf...
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
http://mjg59.dreamwidth.org/48429.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Gui...

Bottom link is the mitigation guide, telling you how to use MS-Windows's built-in command line program 'SC' to deal with the problem. As usual, they assume everyone runs MS-Windows, but an open-source tool for *ix that seems to offer the same functionality is here:

https://software.intel.com/en-us/articles/download-the-latest-intel-amt-open...

First link in the above set (the one to read even if you read nothing else) is particularly damning, as it says researcher Charlie Demerjian has been trying to take the security problem seriously for years. Demerjian claims you should disable or install Local Manageability Service (LMS) to block access to AMT, and that related features ISM (Intel System Management) and SBT (Small Business Technology) are also problems. (See link for more.)

[1] Intel's mitigation guide also says ports 623 and 664.
[2] Commenters on Matthew Garrett's blog (see link) claim AMT is also reachable over Intel wifi interfaces.

----- End forwarded message -----

-------- Forwarded Message --------
Subject: Intel's Management Technology is indeed vulnerable
Date: Tue, 2 May 2017 19:49:54 +0200 (CEST)
From: I love OpenBSD <lampshade@poczta.fm>
To: misc@openbsd.org

INTEL-SA-00075

There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.

Can I preview a bitlink before clicking on it?
https://support.bitly.com/hc/en-us/articles/230650447-Can-I-preview-a-bitlin...

Arstechnica: http://bit.ly/2qyHCQn
Semiaccurate: http://bit.ly/2pB2MjO
Intel's PDF: http://intel.ly/2qAK4G0
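
Added example, not part of the forwarded messages or of Intel's mitigation guide: a flow-log check that flags connections to the AMT ports named in the thread (16992-16995, plus 623 and 664 from footnote [1]) when they come from outside a designated management subnet. The log format, the subnet and every address below are constructed assumptions.

```python
"""Flag flows to Intel AMT ports that originate outside a management subnet."""
import csv
import io
import ipaddress

# Ports named in the thread: 16992-16995, plus 623 and 664 (footnote [1]).
AMT_PORTS = set(range(16992, 16996)) | {623, 664}

# Assumption: only this admin subnet is expected to talk to AMT.
MGMT_NET = ipaddress.ip_network("10.0.99.0/24")

# Constructed sample flow log: time, source, destination, dest port, protocol.
SAMPLE_LOG = """\
2017-05-03T10:00:01Z,10.0.99.5,10.0.1.20,16992,tcp
2017-05-03T10:00:07Z,10.0.1.77,10.0.1.20,16993,tcp
2017-05-03T10:01:12Z,10.0.1.77,10.0.1.20,443,tcp
2017-05-03T10:02:30Z,192.0.2.44,10.0.1.21,623,tcp
2017-05-03T10:02:31Z,not-an-ip,10.0.1.21,664,tcp
2017-05-03T10:03:00Z,10.0.1.77,10.0.1.22,16992,udp
"""


def suspicious_amt_flows(log_text, mgmt_net=MGMT_NET):
    """Return (time, src, dst, port, proto) for AMT-port flows from outside mgmt_net."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed records instead of aborting the whole run
        when, src, dst, port, proto = (field.strip() for field in row)
        try:
            port_no = int(port)
        except ValueError:
            continue
        if port_no not in AMT_PORTS:
            continue
        try:
            trusted = ipaddress.ip_address(src) in mgmt_net
        except ValueError:
            trusted = False  # unparseable source on an AMT port is still reported
        if not trusted:
            hits.append((when, src, dst, port_no, proto))
    return hits


if __name__ == "__main__":
    for hit in suspicious_amt_flows(SAMPLE_LOG):
        print("AMT port reached from outside management subnet:", *hit)
```

Run it against flow records collected on a router or switch rather than on the managed host, since AMT is an out-of-band service that operates below the host operating system.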