Community discussions

MikroTik App
 
taylorc
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Mon Aug 21, 2006 3:42 am

Meltdown and Spectre Security Vulnerabilities on x86

Thu Jan 04, 2018 4:22 am

I just learned about the Meltdown and Spectre attacks (CVE-2017-5754, CVE-2017-5753, CVE-2017-5715).

How vulnerable are our x86 routers? When will a patch be available?

Looking for a official word from Mikrotik.
 
robertpenz
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Mon Oct 10, 2011 8:41 am

Re: Meltdown and Spectre Security Vulnerabilities on x86

Thu Jan 04, 2018 11:03 am

What about Meta-Router feature? And Spectre is not Intel only, also ARM.

https://security.googleblog.com/2018/01 ... -need.html
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
Last edited by robertpenz on Thu Jan 04, 2018 11:07 am, edited 1 time in total.
 
robertpenz
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Mon Oct 10, 2011 8:41 am

Re: Meltdown and Spectre Security Vulnerabilities on x86

Thu Jan 04, 2018 11:08 am

so its not possible to get from a guest down to the host?
 
kamillo
Member Candidate
Member Candidate
Posts: 166
Joined: Tue Jul 15, 2014 5:44 pm

Re: Meltdown and Spectre Security Vulnerabilities on x86

Thu Jan 04, 2018 11:29 am

I'm not sure about that, according to "The Register"
On a shared system, such as a public cloud server, it is possible, depending on the configuration, for software in a guest virtual machine to drill down into the host machine's physical memory and steal data from other customers' virtual machines. See below for details on Xen hypervisor updates.
https://www.theregister.co.uk/2018/01/0 ... erability/

It is possible (at least on Xen)
 
pe1chl
Forum Guru
Forum Guru
Posts: 6797
Joined: Mon Jun 08, 2015 12:09 pm

Re: Meltdown and Spectre Security Vulnerabilities on x86

Thu Jan 04, 2018 11:41 am

Why would you want to use a virtual router under RouterOS in an environment where you already run RouterOS under a hypervisor?
You can just as well run the virtual router as a separate machine under the hypervisor.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24666
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 11:34 am

RouterOS is not affected if you only use RouterOS.

Since RouterOS does not easily allow custom code to be run, the Meltdown/Spectre attacks won't affect most RouterOS users.
However, you should be careful with KVM guest systems and who has access to them.

Here are a few things you can do: https://www.renditioninfosec.com/2018/0 ... tion-plan/
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 6797
Joined: Mon Jun 08, 2015 12:09 pm

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 1:54 pm

I heard that it can be exploited from Javascript.
Javascript is a lot more versatile than RouterOS scripting, so it could well be that exploiting it from there is impossible.
But it should be noted that having "guest" type users who can execute scripts could in theory lead to acquiring more privileges.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24666
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 2:06 pm

I heard that it can be exploited from Javascript.
Javascript is a lot more versatile than RouterOS scripting, so it could well be that exploiting it from there is impossible.
But it should be noted that having "guest" type users who can execute scripts could in theory lead to acquiring more privileges.
Javascript can access the CPU of your system (where the browser is running). in RouterOS there is no web browser or javascript.
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 6797
Joined: Mon Jun 08, 2015 12:09 pm

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 2:11 pm

The issue is not "is there a webbrowser or javascript", the issue is "is there a programmable environment where users can execute their own code".
While it surprises me that it can be exploited from javascript (vs. only from assembler or C or similar low-level language), I cannot rule out that when
it can be exploited from javascript it can be exploited from another scripting language as well.
That would not provide an attack vector via routed network traffic, but it could do so when you have guest users that can login to the router but do
not have full privileges, yet want to obtain those.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24666
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 2:15 pm

I am not aware of any user rights combination that allows you to run your own code and scripts, but has no full rights group already.
The only weak spot is an uncontrolled KVM guest where you have some untrusted people using linux as virtual machine.
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 6797
Joined: Mon Jun 08, 2015 12:09 pm

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 2:35 pm

I tested with a user with only the default read group, and it can telnet to the router and run scripts in immediate mode (commandline).
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24666
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 2:55 pm

give an example of what kind of script you ran.
anyway, those scripts are not able to exploit Spectre, routeros scripting is not too powerful.
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 6797
Joined: Mon Jun 08, 2015 12:09 pm

Re: Meltdown and Spectre Security Vulnerabilities on x86

Fri Jan 05, 2018 3:07 pm

I just typed a simple for loop and it worked.
However, I already wrote that it is not certain that it can be used to exploit this vulnerability.
In fact I am surprised that it can be done via Javascript.
 
The1stImmortal
just joined
Posts: 5
Joined: Fri Sep 28, 2012 9:11 am

Re: Meltdown and Spectre Security Vulnerabilities on x86

Mon Jan 08, 2018 3:31 am

While spectre/meltdown might not be an initial attack vector for RouterOS, it's entirely possible that it could be used in conjunction with other vulnerabilities, known or unknown, to make an attack worse. There are cross-hypervisor possibilities for example, so if a remote code execution bug exists, there's a possibility to use that to access physical RAM across VM boundaries.

While it appears there's no absolute software fix, it'd be appreciated if Mikrotik could ensure that any applicable kernel-level and application-level mitigation patches to RouterOS components are applied and pushed out as soon as is practical and safe.

Who is online

Users browsing this forum: eakteam, pthunya and 96 guests