
New NetCAT vulnerability exploits DDIO on Intel Xeon processors to steal data



DDIO, or Direct Data I/O, is an Intel-exclusive performance enhancement that allows NICs to directly access a processor's L3 cache, completely bypassing the server's RAM, to increase NIC performance and lower latencies. Cybersecurity researchers from the Vrije Universiteit Amsterdam and ETH Zurich, in a research paper published on Tuesday, disclosed a critical vulnerability in DDIO that allows a compromised server to steal data from every other machine on its local network. This includes the ability to obtain keystrokes and other sensitive data flowing through the memory of vulnerable servers. The effect is compounded in data centers that have not just DDIO but also RDMA (remote direct memory access) enabled, where a single server can compromise an entire network. RDMA is a key ingredient in shoring up performance in HPC and supercomputing environments. Intel, in its initial response, asked customers to disable DDIO and RDMA on machines with access to untrusted networks while it works on patches.

The NetCAT vulnerability spells big problems for web hosting providers. If an attacker rents a server in a data center with RDMA and DDIO enabled, they can compromise other customers' servers and steal their data. "While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future," the paper says. "We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripheral devices without a thorough security design to prevent abuse." The team also published a video briefing on the nature of NetCAT. AMD EPYC processors do not support DDIO. The NetCAT video follows.


Source: Arstechnica