Flaw in Intel Ethernet controller exposes to 'packet of death' attack

The hardware qualification is a very important issue, recent vulnerabilities discovered in network appliances of various manufacturer have alerted security community once again on the necessity to validate the hardware especially for large consume product. The last news is related to a vulnerability related to the Intel's 82574L Ethernet controller that expose equipment to risk of "packet of death." Attack.

Star2Star's

chief

technology

officer Kristian Kielhofneridentified the cause of the problems after customers experienced random crashes. Researchers at Star2Star after the analysis of lot traffic identified the cause of the problem in the format of a packet managed by a particular VoIP manufacturer. But as yet it is unclear how widespread the problem is or how other Intel hardware is affected. Kielhofner, wrote: "The system and Ethernet interfaces would appear fine," "and then after a random amount of traffic the interface would report a hardware error (lost communication with PHY) and lose link. Literally the link lights on the switch and interface would go out. It was dead." "Nothing but a power cycle would bring it back. Attempting to reload the kernel module or reboot the machine would result in a PCI scan error. The interface was dead until the machine

was physically powered down and powered back on. In many cases, for our customers, this meant a truck roll." "Problem packets had just the right Call-ID, tags, and branches to cause the '2' in the ptime to line up with 0x47f." The problem is very insidious, Kielhofner's team was able to create packets and target them at particular systems. "With a modified HTTP server configured to generate the data at byte value (based on headers, host, etc.) you could easily configure an HTTP 200 response to contain the packet of death - and kill client machines behind firewalls!" Kielhofner has posted a test page that allows system admins to test to see if their devices are vulnerable, meantime his team is working with Intel to produce a fix for the bug. Douglas Boom from Intel said in a blog post, "Intel root caused the issue to the specific vendors mother board design where an incorrect EEPROM image was programmed during manufacturing. We communicated the findings and recommended corrections to the motherboard_manufacturer." "It is Intels belief that this is an implementation issue isolated to a specific manufacturer, not a design problem with the Intel 82574L Gigabit Ethernet controller."

Whereas,Kristian Kielhofner said, "However, I still dont believe this issue is completely isolated to this specific instance and one motherboard manufacturer. For one, I have received at least two confirmed reports from people who were able to reproduce this issue - my packet of death shutting down 82574L hardware from different motherboard manufacturers."

Post by

SHINE SREEDHAR
Certified Cyber Security Specialist TRYEN SECURITY SOLUTIONS

(ccss)