On 05/09/2017 01:34 AM, Marcus Meissner wrote:
On Tue, May 09, 2017 at 04:29:25AM -0400, Greg Freemyer wrote:
I see nothing to suggest this doesn't impact Linux installs on the affected PCs.
http://www.zdnet.com/article/intel-chip-vulnerability-lets-hackers-easily-re...
"But Embedi warned that any affected internet-facing device with open ports 16992 and 16993 are at risk. "Access to ports 16992/16993 are the only requirement to perform a successful attack," said the Embedi researchers."
The bug is pretty horrendous and gives remote attackers access to the remote console. If you have auto-login enabled it may give the attacker a nice logged in GUI. This is actually the Intel Management Engine, which is totally out of control of the operating system.
Yes, close those ports, disable Intel ME in BIOS etc.
According to Intel, these are the affected ports: 16992, 16993, 16994, 16995, 623, and 664. Note that it may not be possible to disable IME in the BIOS.

I asked our vendor if we were vulnerable (we use Supermicro boards) and they replied:

"A recent security issue (CVE-2017-5689) associated with Intel AMT was published on Intel's website on 5/1/17:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

This vulnerability is exposed on platforms that use the ME firmware variant in the BIOS that enables AMT for system management. Supermicro Server and Storage product lines are not impacted by this vulnerability as system management is handled by the SPS firmware variant in the BIOS that enables system management through the BMC."

Also note that only the first (eth0) port on Supermicro motherboards is affected. If you use the second (eth1) motherboard port for external connectivity you should be okay. Plug-in Ethernet boards would also be safe.

Regards,
Lew