EGI CSIRT:Alerts/intel-28-06-2010

From EGIWiki
Jump to: navigation, search


| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination



EGI CSIRT ADVISORY [EGI-ADV-20100628]

Title: Moderate Impact Vulnerability In Intel Compiler Suite
Date:  June 28th 2010
URL:   https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010


Summary

A vulnerability caused by bad file permissions has been identified in
products belonging to the Intel compiler suite. The vulnerability can be
used by local attackers to compromise other users' accounts.

This advisory is based on publically available information and
investigations performed by the EGI Software Vulnerability Group 
and the EGI CSIRT.


Details

During the installation of the Intel Math Kernel Library (MKL -
http://software.intel.com/en-us/intel-mkl/) several files are installed
world-writable, including configuration files that are intended to be
sourced by all users of the MKL libraries. This makes it trivial for a
local attacker to compromise the accounts of other users.

It appears that these issues were quietly corrected in December 2009.
However, MKL components are included in several different products in
the Intel compiler suite, which makes it hard to say exactly which
versions are affected. At the time of writing, no advisory about the
issue is available from Intel.


Recommended Actions

This vulnerability can easily be corrected by searching for
world-writable files in the Intel installation directory tree, e.g. with

 find /opt/intel/ -type f -perm -o=w -ls

and fixing the permissions with

 find /opt/intel/ -type f -perm -o=w -print0 | xargs -0 chmod go-w

(please replace "/opt/intel" with any site-specific installation directory).

EGI CSIRT ADVISORY UPDATE1: Vulnerability In Intel Compiler Suite EGI-ADV-20100628]

Title: Important Impact Vulnerability In Intel Compiler Suite
Date:  July 21st 2010
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010

Summary
This is an update to [EGI-ADV-20100628] as Intel has released a security 
advisory. The vulnerability was caused by bad file permissions in products 
belonging to  the Intel compiler suite, especially the Math Kernel Library, 
and can be used by local attackers to elevate privileges.

This advisory is based on publically available information and investigations
performed by the EGI Software Vulnerability Group  and the EGI CSIRT.

Details
https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010
For detailed information see original Intel Advisory:
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00025&languageid=en-fr

Affected versions: Intel MKL instances < 10.2

Recommended Actions
Affected users are recommended to:
1.     Uninstall Intel MKL instances prior to version 10.2
2.     Install Intel MKL 10.2 or later

Updated Intel MKL is available at http://software.intel.com/en-us/intel-mkl/.
If you are unable to upgrade or would like more information, please contact 
Intel Support (http://premier.intel.com).

Or correct the vulnerability by searching for world-writable files in the 
Intel installation directory tree, e.g. with
 find /opt/intel/ -type f -perm -o=w -ls
and fixing the permissions with
 find /opt/intel/ -type f -perm -o=w -print0 | xargs -0 chmod go-w
(please replace "/opt/intel" with any site-specific installation directory).
EGI CSIRT ADVISORY UPDATE2: Vulnerability In Intel Compiler Suite [EGI-ADV-20100628]

Title: Important Impact Vulnerability In Intel Compiler Suite
Date:  July 26th 2010
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010

Summary 
This is the second update to [EGI-ADV-20100628] as Intel has released an
update on 23rd July to correct an error in its original advisory. The
corrected affected version numbers are IntelR MKL 10.2 update 1 and prior
versions.

Affected versions: Intel MKL instances < 10.2 update 1

Details please refer to:
https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/intel-28-06-2010
and/or
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00025&languageid=en-fr