TPS-2021-001 CVE-2021-40346 - HAProxy

Overview: This notice is to advise Joyent customers and open source users of Triton and Manta about CVE-2021-40346, a potential security vulnerability where an attacker may bypass http-request HAProxy ACLs.
Description: Further details surrounding this vulnerability (including a list of applications/services that may be vulnerable) can be found in this alert from CVE.
Actions taken by Joyent: The fix has been made available for upstream inclusion and has been deployed into our production environment.

TPS-2020-001 CVE-2020-27678 - libpam

Overview: A critical vulnerability was found in the illumos Pluggable Authentication Module library due to insufficient bounds checking. This issue affects all illumos distributions using illumos PAM.
Actions taken by Joyent: The illumos community has fixed the issue, which has been merged into Joyent’s fork of illumos. Release platform images dated 20201022 or later are available that resolve this issue.
Actions You Need to Take: It is recommended for all users to reboot all Triton and SmartOS compute nodes to a platform image that contains the fix.

TPS-2019-003 Intel Microarchitectural Data Sampling (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130, CVE-2019-11091)

Overview: This advisory covers four different vulnerabilities, collectively termed Microarchitectural Data Sampling (MDS):
- Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2018-12127
- Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12126
- Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130
- Microarchitectural Uncacheable Data Sampling (MDSUM) - CVE-2019-11091
These vulnerabilities impact customers running on the Triton Public Cloud and operators of Triton Enterprise software.
Understanding the Vulnerabilities: These vulnerabilities target different parts of the processor’s microarchitecture or implementation.

TPS-2019-002 SSH public keys of Joyent users/development hosts in some published images

Overview: In the process of creating images, some of Joyent’s internal-use SSH public keys were inadvertently left in certain published images. This led to the risk of potential unauthorized access to instances using the affected images. Joyent acknowledges the assistance of an Open Source user in discovering this issue.
Background: Joyent creates and publishes images to our Triton public cloud. These images are of various operating systems, to be used by customers in creating instances that run on the cloud.

TPS-2019-001 Certain Docker or Kubernetes configurations in KVM or bhyve (CVE-2019-5736)

Overview: CVE-2019-5736 has been detected and remediation has been strategized, as detailed here. This vulnerability relies on an unsafe container configuration known as privileged containers. SmartOS is immune to this attack. While Triton and SmartOS implement the same interface as Docker, the runC program that is used on Linux is not used in SmartOS. SmartOS is immune to similar vulnerabilities that may exist in any other program because SmartOS handles per-zone identity in a stricter fashion than Linux privileged containers.

TPS-2018-008 Insufficient bounds checking in bhyve(8) device model (CVE-2018-17160)

Overview: This vulnerability, CVE-2018-17160, was detected and remediated by the FreeBSD community, as detailed in their disclosure. The issue was caused by insufficient bounds checking for one of the emulated virtual devices. The vulnerability could be exploited to permit a guest operating system to overwrite memory in the bhyve(8) process, making it possible to execute arbitrary code on the host.
Actions Taken by Joyent: The upstream fix in the FreeBSD bhyve project has been merged into SmartOS and made available for all Triton and SmartOS users in the latest platform image release, 20181206T011455Z.

TPS-2018-007 Intel L1 Terminal Fault Vulnerabilities (CVE-2018-3615, CVE-2018-3620 & CVE-2018-3646)

Overview: This advisory covers a series of three different vulnerabilities surrounding Intel hardware, collectively called L1 Terminal Fault (L1TF):
- CVE-2018-3615 - Specific to Intel Software Guard Extensions (SGX)
- CVE-2018-3620 - Specific to Operating Systems and System Management Mode (SMM)
- CVE-2018-3646 - Specific to Virtual Machine Monitors (VMM) / Hypervisors
Of these three CVEs, only the latter two apply to Triton public cloud and Triton Enterprise software customers. Joyent customers are not affected by the first CVE.

TPS-2018-006 Intel floating point unit (FPU) register state issue (CVE-2018-3665)

Overview/Description: Recently, the embargo has been broken on an Intel microprocessor issue that affects operating systems that lazily save floating point unit (FPU) register state: CVE-2018-3665. While SmartOS is affected by this issue, Intel included Joyent in the embargoed information, with adequate time for us to develop and validate a fix.
Actions Taken by Joyent: The fix has been made available for upstream inclusion and is in the process of being deployed to the Triton Cloud (public cloud).

TPS-2018-005 Vulnerability Involving Writes to the %ss Register (CVE-2018-8897)

Overview: This notice is to advise Joyent customers of CVE-2018-8897, a potential security vulnerability surrounding writes to the %ss register.
Description: In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception, after certain instructions involving writes to the %ss register: The issue appears to originate from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory, or to control operating system processes.

TPS-2018-004 Intel Security Findings "Meltdown" and "Spectre"

Overview: This notice is to advise Joyent customers of the potential security vulnerabilities surrounding Intel hardware, known as Spectre and Meltdown:
- CVE-2017-5753
- CVE-2017-5715
- CVE-2017-5754
Description: Details surrounding Intel’s findings regarding Spectre and Meltdown can be reviewed here. Additional information can be reviewed here and here.
Actions Taken by Joyent: Joyent has created a new Platform Image (PI) containing KPTI (Kernel Page Table Isolation) and PCID (Process Context Identifier). We are in the process of applying this PI across the Triton Cloud (public cloud).