The information below explains the exposure level for LogLogic LMI with respect to Meltdown and Spectre vulnerabilities.
Local access to TIBCO LogLogic Log Management Intelligence (LMI) command shells is, by default, limited to root-level accounts. By design, all LogLogic LMI users have root-level access to LogLogic LMI's OS environment. This cannot be changed in an attempt to make the systems more secure because root-level access is required for certain administrative tasks as dictated by either Linux or the LogLogic LMI application, depending on the task in question. There are no non-root-level accounts that exist to provide local login access to LogLogic LMI's OS.
As reported by various sources, both the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities rely on local, unprivileged access, which is what motivates exploiting them:
- Meltdown allows a local, userland (unprivileged) process to read contents of any memory mapped to the process, including kernel memory.
- Spectre allows a local, userland (unprivileged) process to read contents of memory of other processes, including kernel memory.
Source: https://isc.sans.edu/forums/diary/Meltdown+and+Spectre+clearing+up+the+confusion/23197/
An attacker wanting to exploit these vulnerabilities in LogLogic LMI will already have root-level privileges, so exploiting them will not provide any extra attack vector or advantage.
TIBCO always recommends that access to LogLogic LMI EVA and non-EVA be limited to as few people as possible as everyone accessing the system is a privileged user.
Even though there is no advantage to an attacker using these vulnerabilities on a LogLogic LMI, TIBCO is working with our upstream vendors to determine which patches are required to address the Meltdown and Spectre vulnerabilities.
Additional information on TIBCO’s activities related to the Meltdown and Spectre vulnerabilities can be found at
https://www.tibco.com/services/support/public-notices.
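The argument above rests on no local login account being unprivileged. As an added example (not TIBCO's code), the following shell function checks that premise on a Linux host by listing passwd entries that have a login shell but a non-zero UID. It assumes "root-level" means UID 0, so accounts that reach root through sudo will be listed and need manual review; the function names, the no-login shell list and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that can log in
# interactively without being UID 0. Assumption: "root-level" == UID 0.

# Shells treated as "no interactive login" (assumed list; extend as needed).
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false /bin/sync /sbin/shutdown /sbin/halt"

# Constructed sample input, not taken from a real appliance.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
# service accounts
daemon:x:2:2:daemon:/sbin:/sbin/nologin
svcbackup:x:1001:1001::/home/svcbackup:/bin/bash
legacy:x:1002:1002::/home/legacy:
EOF
}

# nonroot_login_accounts [FILE]
# Reads FILE (or stdin when omitted) and prints "name:uid:shell" for every
# entry that has a usable login shell and a UID other than 0.
nonroot_login_accounts() {
    awk -F: -v deny="$NOLOGIN_SHELLS" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) blocked[d[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 7 {                               # do not silently ignore bad entries
            print "malformed entry: " $0 > "/dev/stderr"; next
        }
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"  # empty shell field means /bin/sh
            if ($3 != 0 && !(shell in blocked))
                print $1 ":" $3 ":" shell
        }
    ' "${1:--}"
}

# Stand-alone use: pass the file to audit, e.g. ./audit.sh /etc/passwd
if [ "$#" -gt 0 ]; then
    nonroot_login_accounts "$1"
fi
```

Empty output means every account with a login shell is UID 0, which matches the design described above; any line printed is an account where an unprivileged local foothold could exist.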