Overview
This vulnerability, CVE-2018-17160, was detected and remediated by the FreeBSD community, as detailed in their disclosure.
The issue was caused by insufficient bounds checking for one of the emulated virtual devices. The vulnerability could be exploited to permit a guest operating system to overwrite memory in the bhyve(8) process, making it possible to execute arbitrary code on the host.
Actions Taken by Joyent
The upstream fix in the FreeBSD bhyve project has been merged into SmartOS and made available for all Triton and SmartOS users in the latest platform image release, 20181206T011455Z.
Overview
This advisory covers a series of three different vulnerabilities surrounding Intel hardware, collectively called L1 Terminal Fault (L1TF):
CVE-2018-3615 - Specific to Intel Software Guard Extensions (SGX)
CVE-2018-3620 - Specific to Operating Systems and System Management Mode (SMM)
CVE-2018-3646 - Specific to Virtual Machine Monitors (VMM) / Hypervisors
Of these three CVEs, only the latter two apply to Triton public cloud and Triton Enterprise software customers. Joyent customers are not affected by the first CVE.
Overview/Description
Recently, the embargo has been broken on an Intel microprocessor issue that affects operating systems that lazily save floating point unit (FPU) register state: CVE-2018-3665.
While SmartOS is affected by this issue, Intel included Joyent in the embargoed information, with adequate time for us to develop and validate a fix.
Actions Taken by Joyent
The fix has been made available for upstream inclusion and is in the process of being deployed to the Triton Cloud (public cloud).
Overview
This notice is to advise Joyent customers of CVE-2018-8897, a potential security vulnerability surrounding writes to the %ss register.
Description
In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception after certain instructions involving writes to the %ss register:
The issue appears to originate from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory, or to control operating system processes.
Overview
This notice is to advise Joyent customers of the potential security vulnerabilities surrounding Intel hardware, known as Spectre and Meltdown:
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
Description
Details surrounding Intel’s findings regarding Spectre and Meltdown can be reviewed here. Additional information can be reviewed here and here.
Actions Taken by Joyent
Joyent has created a new Platform Image (PI) containing KPTI (Kernel Page Table Isolation) and PCID (Process Context Identifier). We are in the process of applying this PI across the Triton Cloud (public cloud).
Overview
This notice is to advise Triton Cloud (public cloud) users, Triton On-Premises Software operators, and Open Source Triton users of a vulnerability reported by Zero Day Initiative (ZDI).
Description
The following security vulnerability has been identified by Ben Murphy with Zero Day Initiative: ZDI-CAN-5106. Through ZDI, we have previously been made aware of this vulnerability. Here is a brief description of the issue and its resolution:
Issue: A malicious DTrace helper can lead to zone escape via out-of-bounds relocation.
Overview
This notice is to advise Joyent customers of TA14-017A, a potential security vulnerability surrounding misconfigured applications/services that utilize User Datagram Protocol (UDP).
Description
A misconfigured application/service that utilizes UDP can cause a Triton instance to be vulnerable to Distributed Denial of Service (DDoS) attacks, causing the Triton instance to attack others.
Further details surrounding this vulnerability (including a list of applications/services that may be vulnerable) can be found in this alert from US-CERT.
Overview
This notice is to advise Joyent’s Triton Cloud (public cloud) customers, Triton on-premises software customers and Open Source Triton users of two security vulnerabilities.
Description
The following security vulnerabilities have been identified by Ben with Zero Day Initiative (ZDI): ZDI-CAN-4983 and ZDI-CAN-4984. Through ZDI, we have previously been made aware of these vulnerabilities. Here is a brief description of the issue and its resolution:
Issue: A local process can generate a panic by issuing commands to the smb subsystem.
Overview
This notice is to advise Triton Cloud (public cloud) users, Triton On-Premises Software operators, Node.js users and Open Source Triton users of a vulnerability reported by Node.
Description
Node has made Joyent aware of the following high-severity DoS vulnerability: CVE-2017-14919
The following Node.js versions are vulnerable to this issue, which can be used by an external attacker to cause a denial of service:
Versions 4.8.2 and later
Versions 6.
Overview
This notice is to advise Triton Cloud (public cloud) users, Triton On-Premises Software operators, Triton On-Premises Object Storage (Manta) operators and Open Source Triton users of two vulnerabilities reported by Node.
Description
Joyent has been made aware of the following Node vulnerabilities:
“Constant Hashtable Seeds” (CVE-2017-11499) - high severity
“c-ares NAPTR parser out of bounds access” (CVE-2017-1000381) - low severity
Of the two, only the high-severity “Constant Hashtable Seeds” vulnerability has been determined to have any potential effect on Joyent’s infrastructure/services.