KB Article | Forcepoint Support

Problem Description

KB 14933 provides a description of the Meltdown and Spectre Vulnerabilities CVE-2017-5715, CVE-2017-5753, CVE-2017-5754.
This article provide additional information specific for the Sidewinder product.
 
Vulnerability risk
The Meltdown and Spectre attacks are not a remote compromise against the Sidewinder firewall. These vulnerabilities have no direct impact on the Sidewinder and very little indirect impact. 
 
The Meltdown vulnerability allows a local user with normal user privileges to read kernel memory via a specially crafted exploit program. The Sidewinder firewall is not a general purpose system and only trusted administrators should have local user accounts. In order to minimize the possibility of attack by a rogue Sidewinder administrator, we created e-patches 7.0.1.03E116 and 8.3.2E154 which prevent execution of binaries not published by Forcepoint.
 
Most network services are not vulnerable because of details of the Sidewinder architecture. There are a small number of network services that could be vulnerable to the Meltdown attack. However, those services would have to first be exploited by a remote execution vulnerability, and most remote execution attacks are thwarted by Type Enforcement.
 
Spectre is a different attack that uses timing side-channels to sniff data from one process to another. Like Meltdown, it requires the ability to run code as a local user or to trick a local process into running code provided over the network (such as Javascript). While Sidewinder proxies do inspect network traffic, they will never execute any code or script that they encounter. Therefore, the mitigation for Meltdown will protect Sidewinder from Spectre as well.
 

Resolution

Hotfix and Information About Other Fixes
 
The following patches are available to resolve these vulnerabilities:
 Sidewinder 7.0.1.03Sidewinder 8.3.2Control Center 5.3.2
CVE-2017-5715
Spectre
7.0.1.03E1168.3.2E154Patch anticipated in future
CVE-2017-5753
Spectre
7.0.1.03E1168.3.2E154Patch anticipated in future
CVE-2017-5754
Meltdown
7.0.1.03E1168.3.2E154Patch anticipated in future
 
7.0.1.03E16 and 8.3.2E154 prevent execution of programs not published by Forcepoint by disallowing binaries of type "scrp" from being executed, which a rogue administrator (Admn) could have done previously. Scripts are still allowed with type "scrp". The patch also provides detection of a Meltdown attack in progress, killing the offending program and auditing that the attack occurred. This patch has no performance impact.
 
If you are running Sidewinder or Control Center on VMware, please be sure to apply the VMware patches as well.
 
Sidewinder E-Patch download information:

User name                    : atl-963845ro
User password             : 34bT4hF3AFJn
Server name                 : csftp.us.stonesoft.com
                                      : https://csftp.us.stonesoft.com

https://csftp.us.stonesoft.com/file/access.pl?username=atl-963845ro
ftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
sftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload


 

Article Feedback



Thank you for the feedback and comments.