NetCAT, another vulnerability in Intel Xeon, puts AMD at the top of the server market

Researchers at Vrije University in Amsterdam announced Wednesday that Intel server processors suffer from a vulnerability known as NetCAT. The vulnerability enables a side-channel attack that can infer what a CPU is working on, and it depends on problems with two Intel technologies mainly found in the Xeon CPU line: Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA). According to the researchers, AMD chips are not affected by this vulnerability.

Intel Xeon: Intel CPUs suffer from a new vulnerability called NetCAT

Intel said in a security bulletin that NetCAT affects Xeon E5, E7, and SP processors that support DDIO and RDMA. A fundamental problem with DDIO, which has been enabled by default on Xeon processors since 2012, is what allows the side-channel attacks. Researchers at Vrije University said that RDMA allows their exploit to “operatively control the relative location of network packets on the target server”.

According to the researchers, the vulnerability means that untrusted devices on a network “can now filter out confidential data such as keystrokes in an SSH session from remote servers without local access.” At this point, the only way to defend against these attacks would be to disable DDIO, but the researchers said that disabling RDMA could at least help a little for anyone who is not willing to give up DDIO on their servers.

AMD Chips are not affected by NetCAT

Intel said in its bulletin that Xeon users should “restrict direct access from unreliable networks” and “use time-attack-resistant software modules with constant time style code.” Researchers at Vrije University said these software modules do little against NetCAT, so the safest option remains disabling DDIO.

Researchers from Vrije University presented NetCAT to Intel and the Dutch National Centre for Cyber Security on June 23. This vulnerability has been assigned the identifier CVE-2019-11184.