Re: Remotely exploitable firmware vulnerability in all Intel chipsets

2017-05-03 Thread Tom Buskey
On Tue, May 2, 2017 at 9:51 AM, Lloyd Kvam wrote:

> lspci | egrep 'MEI|HECI'


As the article on dreamwidth says, just having MEI doesn't mean you have
AMT and the rest of the Intel ME working for someone to get in.

Honestly, most of the stuff I've seen about ME reads like breathless
clickbait instead of valid security information.   It'd be nice to read
about it w/o having to decipher a conspiracy undertone.  And it is a
legitimate security vulnerability.

ME is a newer, Intel version of the remote control/IPMI standard and the
proprietary iDrac, iLo and other versions.

ME seems more private (no source code for the public!) than all the IPMI
stuff has been.  Both allow you to set up power control, remote control a
serial console and read motherboard settings.  IPMI can provide a video
console in some cases.  It's usually on Supermicros as a jnlp java applet.
 iDrac has an Enterprise version (more $) with the same.  The latest iDrac
also has an HTML5 version.

If you go further back, Sun systems had something called LOM and variants
that also let you get to the "BIOS" before/without booting.

Holes in IPMI were first disclosed by Dan Farmer in
2013.  The Intel ME/AMT is just a newer version of IPMI with similar holes
that's not restricted to server systems.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: Remotely exploitable firmware vulnerability in all Intel chipsets

2017-05-02 Thread Lloyd Kvam
http://mjg59.dreamwidth.org/48429.html
provides some Linux oriented info from Matthew Garrett

lspci | egrep 'MEI|HECI'
showed I have MEI

On Tue, 2017-05-02 at 07:20 -0400, Ben Scott wrote:
> This is potentially very bad for many people, as this is presumably exposed
> outside the firewall on the computer, and is OS-independent.
> 
> That means any laptop that leaves a firewalled LAN is exposed to a remote
> root exploit.
> 
> The Intel "Management Engine" (ME) runs alongside the main processor.  It
> piggybacks on the network ports, and can read/write any memory or disk
> location in the system.  If an attacker can gain control of the ME, they
> can do whatever they want, outside the OS.
> 
> Reportedly some (most?) chipsets are vulnerable even if you're not using
> the ME or have it nominally disabled.  Even when not vulnerable to remote
> attack, everything is locally vulnerable.
> 
> It appears firmware fixes have to come from the motherboard vendor.
> 
> https://m.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
> 
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
> 
> -- Ben
-- 
Lloyd Kvam
Venix
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug






Remotely exploitable firmware vulnerability in all Intel chipsets

2017-05-02 Thread Ben Scott
This is potentially very bad for many people, as this is presumably exposed
outside the firewall on the computer, and is OS-independent.

That means any laptop that leaves a firewalled LAN is exposed to a remote
root exploit.

The Intel "Management Engine" (ME) runs alongside the main processor.  It
piggybacks on the network ports, and can read/write any memory or disk
location in the system.  If an attacker can gain control of the ME, they
can do whatever they want, outside the OS.

Reportedly some (most?) chipsets are vulnerable even if you're not using
the ME or have it nominally disabled.  Even when not vulnerable to remote
attack, everything is locally vulnerable.

It appears firmware fixes have to come from the motherboard vendor.

https://m.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

-- Ben