Rewterz Threat Alert – Thrip Continues To Hit High Level Targets In South Asia
September 12, 2019Rewterz Threat Alert – Hidden Cobra uses Malware Variants – ELECTRICFISH & BADCALL
September 13, 2019Rewterz Threat Alert – Thrip Continues To Hit High Level Targets In South Asia
September 12, 2019Rewterz Threat Alert – Hidden Cobra uses Malware Variants – ELECTRICFISH & BADCALL
September 13, 2019Severity
Medium
Analysis Summary
A side-channel vulnerability has been discovered in Intel Server CPUs that exploits the network performance-enhancing capabilities of recent Intel server CPUs. The vulnerability is named NetCat and uses these network performance-enhancing capabilities to potentially leak information transmitted during an SSH-protected session. It takes advantage of Data-Direct I/O (DDIO), a feature of recent Intel server-grade CPUs that allows peripherals to read/write from/to the fast (last-level) cache. It was introduced to improve performance of servers in high-speed network environments.
Using this vulnerability, an attacker on a remote system can, by merely sending packets to the targeted server, get information on the arrival timing of packets sent by a third system. After processing that information with statistical routines, an accurate decoding of text being typed on the third system can be created.
Impact
Sensitive Data Leakage
Affected Vendors
Intel
Affected Products
Intel Server CPUs
Remediation
- Intel recommends that customers should disable DDIO, which is enabled by default.
- Users should limit direct access from untrusted networks when DDIO & RDMA are enabled.