Intel CPUs Hit By NetCat Attack Vulnerability

Intel Vulnerable
Intel Vulnerable

Intel CPUs Vulnerable to NetCat Attack, which can leak the data remotely.

The vulnerability affected in Intel products including Intel Xeon E5, E7 and SP families that support DDIO and RDMA.

Security researchers of Vrije University VUSec, the systems and network security group at VU Amsterdam presents the first security analysis of DDIO.

What is DDIO?

Data-Direct I/O (DDIO) is a performance-enhancing technology on recent Intel server-grade processors. Instead of reading/writing from/to slow memory, DDIO allows peripherals to read/write from/to the fast (last-level) cache. DDIO was specifically introduced to improve the performance of server applications in fast networks.

“The first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of a SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server, said VUSec researchers.”

Also See- Intelligent Machines – How Artificial Intelligence is Going To Revolutionise Cyber Security?

Intel released the security advisory,

A potential security vulnerability in some microprocessors with Intel® Data Direct I/O Technology (Intel® DDIO) and Remote Direct Memory Access (RDMA) may allow partial information disclosure via adjacent access.

Vulnerability Details:
CVEID: CVE-2019-11184

Description: A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

CVSS Base Score: 2.6 Low

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

Affected Products:
Intel® Xeon® E5, E7 and SP families that support DDIO and RDMA.

Recommendations:
Partial information potentially disclosed through exploitation of this vulnerability could be utilized to enhance unrelated attack methods. For published exploits that Intel is aware of, Intel recommends users follow existing best practices including:

Where DDIO and RDMA are enabled, limit direct access from untrusted networks.

The use of software modules resistant to timing attacks, using constant-time style code.

Acknowledgements:
Intel would like to thank Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi from VU Amsterdam for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Demo

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

Zero-Day Vulnerability In WordPress SMTP Plugin

There are two cybersecurity companies have detected Zero-Day vulnerability in WordPress SMTP...
Read More

Leave a Reply