Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: Intel Pentium Bug

Re: Intel Pentium Bug

Aleph One (aleph1DFW.NET)
Sat, 8 Nov 1997 19:16:24 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: WARNING: Linux Intel Pentium Bug"
Previous message: Theo Van Dinter: "Re: xbru vulnerability"
Next in thread: Jason Parsons: "Re: Intel Pentium Bug"

I'll summarise most of the post on the queue. There are quite a few of
them and the mostly containt the same information. This should save some
time in light of the high volume generated by this thread.

Jeff Odom, Tyson B., Alan Cox, David Bristow, and John Dowdal point out
that on most modern motherboards you have to physically set or remove a
jumper on the motherboard in order to upgrade the flash BIOS.
Unfortunately, most people don't bother to go back and re-set the jumper
to write-protect.

It was also pointed out that it would be a feature if modern operating
systems refuses to boot with the write-protect jumper turned off or at
least print a warning message.

Marc Newman, Thom Henderson, Edward S. Marshall, Trevor Schroeder
inform us that of the the 6502, 6802, 68c02 or Z80 had an
undocumented test instruction intended to test the data bus that
would cause it to start incrementing the address bus at full speed. The
result was a lockup. The opcode was dubbed HCF (Halt and Catch Fire)..

Jonathan A. Davis also recalls that it was also possible, on Commodore
"Pet" and "SP" machines, to drive the system's CIA (Complex Interface
Adapter) chips into a hardware race, burning each other out. It cost him
around $150/US to test it.

Sylvan W. Clebsch provides some more information on the Commodore 1542
disk drive. It seems he 1542 simply had no head stop. You could
tell it to go seek track 0xFF, for example, and watch the head slide
right off and ka-boom. This was a common attack on early C-64 based
BBS's. Quite a few of them responded to a ctrl-D, CR-LF, ctrl-C combo
by dropping out of the BBS into that goofy C-64 command interpreter.
>From there, the attacker would tell each 1542 on the machine (often
quite a few on those BBS's) to seek off the edge.

He also corrects us on the proper meaning of the "Singing Disk Drive".
The amiga's 3.5" floppy could be made to produce an amazing variety of
tones, and the result was a number of concertos and fun songs that were
distributed in the form of programs that would screw with your floppy
drive. The result was that the motor would burn out before too long,
but a friend of his whose hardware was provided by the company he
worked for wasted a lot of time "composing" for the floppy drive
around 1986.

Joe Ilacqua notes that he belives the flawed SPARC chips where from the
1992 era, and could be halted in user/non-supervisor mode. As I he recalls
it, for speed they often didn't do op-code verification or test for
"impossible" combinations.  The assumption was that since all code would
be generated by compilers you could guaranty the code would be "good".

Casper Dik points out that "crashme" is designed to detect operating
system bugs, not processor bugs. It just happens that it may find some.

Aleph One / aleph1dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

Next message: Alan Cox: "Re: WARNING: Linux Intel Pentium Bug"
Previous message: Theo Van Dinter: "Re: xbru vulnerability"
Next in thread: Jason Parsons: "Re: Intel Pentium Bug"