Author Topic: [DE] The Backdoor in Intel's IME  (Read 5422 times)

Offline unklarer

  • User
  • Posts: 816
[DE] The Backdoor in Intel's IME
« on: 2017/11/24, 15:49:20 »
Thanks to @devil   :)

Yesterday evening I read your article series and ran the procedure on my three machines.

I could (puke)   >:(   But why should I fare any better than the many, many millions of users!?  :P

T500  Yes
Code:
# ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-24 13:54:49 GMT

*** Host Computer Information ***
Name: siduction
Manufacturer: LENOVO
Model: 20564QG
Processor Name: Intel(R) Core(TM)2 Duo CPU     T9400  @ 2.53GHz
OS Version: siduction 2012.1.1 Desperado (4.14.0-towo.1-siduction-amd64)

*** Risk Assessment ***
Detection Error: This system may be vulnerable. <=== Detection error: this system may be vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

x40  Yes and no
Code:
# ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-24 13:46:52 GMT

*** Host Computer Information ***
Name: x40
Manufacturer: IBM
Model: 2371H8G
Processor Name: Intel(R) Pentium(R) M processor 1.40GHz
OS Version: debian buster/sid  (4.9.11-towo.2-siduction-686)

*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Desktop  Yes and no
Code:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-23 22:29:15 GMT

*** Host Computer Information ***
Name: localhost
Manufacturer: System manufacturer
Model: P5Q-PRO
Processor Name: Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz
OS Version: Mageia 5 Official (4.4.92-desktop-1.mga5)
                                                                                 
*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
« Last Edit: 2017/11/24, 16:23:28 by unklarer »

Offline whistler_mb

  • User
  • Posts: 198
Re: The Backdoor in Intel's IME
« Reply #1 on: 2017/11/24, 16:24:09 »
According to the script, my Tuxedo laptop is not affected.
Code:
# ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-24 15:21:49 GMT

*** Host Computer Information ***
Name: Tuxedo
Manufacturer: Notebook
Model: W230ST
Processor Name: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
OS Version: debian buster/sid  (4.14.1-towo.2-siduction-amd64)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 9.0.20.1427
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Offline hendrikL

  • Administrator
  • User
  • Posts: 927
Re: The Backdoor in Intel's IME
« Reply #2 on: 2017/11/24, 16:39:08 »
Thanks also to devil,

for the nice article!
I'm curious how the various hardware vendors will react.

Code:
# ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-24 15:30:53 GMT

*** Host Computer Information ***
Name: t410
Manufacturer: LENOVO
Model: 253725G
Processor Name: Intel(R) Core(TM) i5 CPU       M 540  @ 2.53GHz
OS Version: debian buster/sid  (4.14.1-towo.2-siduction-amd64)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 6.1.10.1052
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Code:
# inxi -M
Machine:   Device: laptop System: LENOVO product: 253725G v: ThinkPad T410 serial: R89AHP8
           Mobo: LENOVO model: 253725G serial: 1ZHXC08ZCAH BIOS: LENOVO v: 6IET85WW (1.45 ) date: 02/14/2013

Even if there is supposedly no backdoor there, one should not be lulled into a false sense of security.

Offline bluelupo

  • User
  • Posts: 2.068
    • BluelupoMe
Re: The Backdoor in Intel's IME
« Reply #3 on: 2017/11/26, 13:36:46 »
My Lenovo T430 is not affected either.

Code:
# ./intel_sa00086.py
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-26 12:35:21 GMT

*** Host Computer Information ***
Name: bluesky
Manufacturer: LENOVO
Model: 2347A31
Processor Name: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
OS Version: debian buster/sid  (4.14.0-towo.1-siduction-amd64)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 8.0.12.1498
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Offline samoht

  • User
  • Posts: 478
Re: The Backdoor in Intel's IME
« Reply #4 on: 2017/11/27, 09:06:43 »
Things look bad here, as was unfortunately to be expected:

Code:
# ./work/SA00086_Linux/intel_sa00086.py 
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved
 
Application Version: 1.0.0.128
Scan date: 2017-11-27 07:42:04 GMT
 
*** Host Computer Information ***
Name: tuxxy
Manufacturer: Gigabyte Technology Co., Ltd.
Model: EP45-UD3LR
Processor Name: Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz
OS Version: debian buster/sid  (4.14.1-towo.2-siduction-amd64)
 
*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).
 
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Code:
# inxi -M
Machine:   Device: desktop Mobo: Gigabyte model: EP45-UD3LR v: x.x serial: N/A BIOS: Award v: F11 date: 04/22/2010

There probably won't be a security update for this anymore.  >:(

Greetings,
Tom
« Last Edit: 2017/11/27, 09:13:07 by samoht »

Offline hendrikL

  • Administrator
  • User
  • Posts: 927
Re: The Backdoor in Intel's IME
« Reply #5 on: 2017/11/27, 09:48:48 »
Well, even if some security updates do come in, it is and remains a backdoor!
Only deactivating the whole thing would remedy this; everything else is window dressing!

Offline musca

  • User
  • Posts: 725
  • sid, fly high!
Re: The Backdoor in Intel's IME
« Reply #6 on: 2017/11/27, 09:57:45 »
Yes, HendrikL,

that is how Google sees it too, and it wants to get rid of the stuff. A ray of hope!

Regards
musca
"Man errs as long as he strives."  (Goethe, Faust)

Offline unklarer

  • User
  • Posts: 816
Re: The Backdoor in Intel's IME
« Reply #7 on: 2017/11/27, 09:59:13 »
Hello Tom,

even though
Quote from: hendrikL
Even if there is supposedly no backdoor there, one should not be lulled into a false sense of security.
is rightly written, I believe (!) that we can put that into perspective.

Our "results" say, after all, that Intel has not tested the supplied tool on "old machines" like the ones we have, and probably won't do so anymore. I'm surely not going to bother installing the IME drivers just so that I end up having it too?!   8)

With my T500 I assume that if a BIOS update had ever been carried out here and, which
according to Lenovo I still can, then...

I could also be completely wrong about that   ???
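
Added example (not part of the thread and not Intel's code): a small Python triage over saved reports from the detection tool, using only the two verdict lines quoted in the posts above. It separates "Detection Error" runs, which in this thread carry no Intel(R) ME Information section, from runs that ended with "not vulnerable"; the host names, model strings and status labels are constructed for illustration.

```python
import re

BANNER = "INTEL-SA-00086 Detection Tool"

# Constructed sample: two abridged reports in the format quoted in this thread.
SAMPLE = """\
INTEL-SA-00086 Detection Tool
*** Host Computer Information ***
Name: host-a
Model: EXAMPLE-1
OS Version: debian buster/sid
*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).

INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128
*** Host Computer Information ***
Name: host-b
Model: EXAMPLE-2
*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 9.0.20.1427
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.
"""

def parse_reports(text):
    """Return one dict per report found in concatenated tool output."""
    reports = []
    for chunk in text.split(BANNER)[1:]:
        # Anchored at line start, so "OS Version" / "Application Version" are skipped.
        fields = dict(re.findall(r"^(Name|Model|Version): *(.+?) *$", chunk, re.M))
        m = re.search(r"\*\*\* Risk Assessment \*\*\*\s*\n(.+)", chunk)
        verdict = m.group(1).strip() if m else ""
        if verdict.startswith("Detection Error"):
            status = "inconclusive"      # tool reported an error, not a verdict
        elif "This system is not vulnerable" in verdict:
            status = "not_vulnerable"
        else:
            status = "review"            # any other or missing verdict: check manually
        reports.append({"host": fields.get("Name"), "model": fields.get("Model"),
                        "me_version": fields.get("Version"), "status": status})
    return reports

def needs_follow_up(reports):
    """Hosts whose report is anything other than an explicit 'not vulnerable'."""
    return [r["host"] for r in reports if r["status"] != "not_vulnerable"]

if __name__ == "__main__":
    for report in parse_reports(SAMPLE):
        print(report)
```

Anything that is not an explicit "not vulnerable" stays on the follow-up list, so a detection error is never counted as a clean result.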