The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "EGI CSIRT:Alerts/intel-28-06-2010"
Jump to navigation
Jump to search
| (3 intermediate revisions by one other user not shown) | |||
| Line 15: | Line 15: | ||
This advisory is based on publically available information and | This advisory is based on publically available information and | ||
investigations performed by the EGI | investigations performed by the EGI Software Vulnerability Group | ||
and the EGI CSIRT. | and the EGI CSIRT. | ||
| Line 49: | Line 49: | ||
</nowiki></pre> | </nowiki></pre> | ||
<pre><nowiki> | |||
EGI CSIRT ADVISORY UPDATE1: Vulnerability In Intel Compiler Suite EGI-ADV-20100628] | |||
Title: Important Impact Vulnerability In Intel Compiler Suite | |||
Date: July 21st 2010 | |||
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 | |||
Summary | |||
This is an update to [EGI-ADV-20100628] as Intel has released a security | |||
advisory. The vulnerability was caused by bad file permissions in products | |||
belonging to the Intel compiler suite, especially the Math Kernel Library, | |||
and can be used by local attackers to elevate privileges. | |||
This advisory is based on publically available information and investigations | |||
performed by the EGI Software Vulnerability Group and the EGI CSIRT. | |||
Details | |||
https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 | |||
For detailed information see original Intel Advisory: | |||
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00025&languageid=en-fr | |||
Affected versions: Intel MKL instances < 10.2 | |||
Recommended Actions | |||
Affected users are recommended to: | |||
1. Uninstall Intel MKL instances prior to version 10.2 | |||
2. Install Intel MKL 10.2 or later | |||
Updated Intel MKL is available at http://software.intel.com/en-us/intel-mkl/. | |||
If you are unable to upgrade or would like more information, please contact | |||
Intel Support (http://premier.intel.com). | |||
Or correct the vulnerability by searching for world-writable files in the | |||
Intel installation directory tree, e.g. with | |||
find /opt/intel/ -type f -perm -o=w -ls | |||
and fixing the permissions with | |||
find /opt/intel/ -type f -perm -o=w -print0 | xargs -0 chmod go-w | |||
(please replace "/opt/intel" with any site-specific installation directory). | |||
</nowiki></pre> | |||
<pre><nowiki> | |||
EGI CSIRT ADVISORY UPDATE2: Vulnerability In Intel Compiler Suite [EGI-ADV-20100628] | |||
Title: Important Impact Vulnerability In Intel Compiler Suite | |||
Date: July 26th 2010 | |||
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 | |||
Summary | |||
This is the second update to [EGI-ADV-20100628] as Intel has released an | |||
update on 23rd July to correct an error in its original advisory. The | |||
corrected affected version numbers are IntelR MKL 10.2 update 1 and prior | |||
versions. | |||
Affected versions: Intel MKL instances < 10.2 update 1 | |||
Details please refer to: | |||
https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 | |||
and/or | |||
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00025&languageid=en-fr | |||
</nowiki></pre> | |||
Latest revision as of 19:48, 26 July 2010
| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination
EGI CSIRT ADVISORY [EGI-ADV-20100628] Title: Moderate Impact Vulnerability In Intel Compiler Suite Date: June 28th 2010 URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 Summary A vulnerability caused by bad file permissions has been identified in products belonging to the Intel compiler suite. The vulnerability can be used by local attackers to compromise other users' accounts. This advisory is based on publically available information and investigations performed by the EGI Software Vulnerability Group and the EGI CSIRT. Details During the installation of the Intel Math Kernel Library (MKL - http://software.intel.com/en-us/intel-mkl/) several files are installed world-writable, including configuration files that are intended to be sourced by all users of the MKL libraries. This makes it trivial for a local attacker to compromise the accounts of other users. It appears that these issues were quietly corrected in December 2009. However, MKL components are included in several different products in the Intel compiler suite, which makes it hard to say exactly which versions are affected. At the time of writing, no advisory about the issue is available from Intel. Recommended Actions This vulnerability can easily be corrected by searching for world-writable files in the Intel installation directory tree, e.g. with find /opt/intel/ -type f -perm -o=w -ls and fixing the permissions with find /opt/intel/ -type f -perm -o=w -print0 | xargs -0 chmod go-w (please replace "/opt/intel" with any site-specific installation directory).
EGI CSIRT ADVISORY UPDATE1: Vulnerability In Intel Compiler Suite EGI-ADV-20100628] Title: Important Impact Vulnerability In Intel Compiler Suite Date: July 21st 2010 URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 Summary This is an update to [EGI-ADV-20100628] as Intel has released a security advisory. The vulnerability was caused by bad file permissions in products belonging to the Intel compiler suite, especially the Math Kernel Library, and can be used by local attackers to elevate privileges. This advisory is based on publically available information and investigations performed by the EGI Software Vulnerability Group and the EGI CSIRT. Details https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 For detailed information see original Intel Advisory: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00025&languageid=en-fr Affected versions: Intel MKL instances < 10.2 Recommended Actions Affected users are recommended to: 1. Uninstall Intel MKL instances prior to version 10.2 2. Install Intel MKL 10.2 or later Updated Intel MKL is available at http://software.intel.com/en-us/intel-mkl/. If you are unable to upgrade or would like more information, please contact Intel Support (http://premier.intel.com). Or correct the vulnerability by searching for world-writable files in the Intel installation directory tree, e.g. with find /opt/intel/ -type f -perm -o=w -ls and fixing the permissions with find /opt/intel/ -type f -perm -o=w -print0 | xargs -0 chmod go-w (please replace "/opt/intel" with any site-specific installation directory).
EGI CSIRT ADVISORY UPDATE2: Vulnerability In Intel Compiler Suite [EGI-ADV-20100628] Title: Important Impact Vulnerability In Intel Compiler Suite Date: July 26th 2010 URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 Summary This is the second update to [EGI-ADV-20100628] as Intel has released an update on 23rd July to correct an error in its original advisory. The corrected affected version numbers are IntelR MKL 10.2 update 1 and prior versions. Affected versions: Intel MKL instances < 10.2 update 1 Details please refer to: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010 and/or http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00025&languageid=en-fr