The Case of the Backup Software DoS.


Our vulnerability scanner is causing the server backup software we use to crash.
After examining a crash dump, a developer for the backup software replied:

"Looking at the logs it we are getting some corrupted packets and that is causing the to try to allocate huge memory and that is the reason for the failure.

Does this security scanner corrupt our packets to test some of its features? If yes then they will have to stop it."

While not sending corrupt packets would stop the crashing, I'm not sure a bad guy would be so kind as to respect that request. I also wonder if there is a remote exploit in this defect.

To take it out of the realm of the vulnerability scanner, I used nmap's service fingerprint option to crash the service. Reviewing the packets with Wireshark shows that nmap with the -sV option set is also throwing a corrupt packet. The hardest part in reproducing this is the backup software not staying on a predictable port.

Vulnerabilities in backup software are frequently targeted. Backup software often runs with full admin or system rights. Exploiting vulnerabilities in backup software can lead to information disclosure or an attacker fully compromising important servers. SANS has backup software vulnerabilities in the SANS Top 20 list.
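The developer's description (a corrupted packet making the service try to allocate a huge amount of memory) is the classic untrusted length field, and the fix belongs in the receiver rather than in the scanner. The sketch below is an added example, not code from the backup vendor or from this post: the frame layout (4-byte big-endian length plus payload), the 1 MiB cap and all names are assumptions chosen for illustration, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical frame (NOT the backup product's real protocol):
 * 4-byte big-endian payload length, then the payload bytes. */
#define HDR_LEN     4u
#define MAX_PAYLOAD (1u << 20)   /* assumed policy cap: 1 MiB per frame */
enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TOO_BIG = -2, PARSE_NOMEM = -3 };

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copy one frame's payload out of buf. The declared length is checked against
 * the cap and against the bytes actually received BEFORE any allocation. */
int parse_frame(const uint8_t *buf, size_t buf_len, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < HDR_LEN)
        return PARSE_SHORT;
    uint32_t declared = read_be32(buf);
    if (declared > MAX_PAYLOAD)
        return PARSE_TOO_BIG;            /* reject, never malloc(declared) */
    if (declared > buf_len - HDR_LEN)
        return PARSE_SHORT;              /* header claims more than arrived */
    uint8_t *copy = malloc(declared ? declared : 1);
    if (copy == NULL)
        return PARSE_NOMEM;
    memcpy(copy, buf + HDR_LEN, declared);
    *out = copy;
    *out_len = declared;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample: ASCII text arriving where a binary header is expected. */
    const uint8_t text[] = "GET / HTTP/1.0\r\n\r\n";
    uint8_t *payload;
    size_t len;
    int rc = parse_frame(text, sizeof text - 1, &payload, &len);
    printf("declared=%u bytes, rc=%d\n", (unsigned)read_be32(text), rc);
    free(payload);
    return rc == PARSE_TOO_BIG ? 0 : 1;
}
```

In this constructed case the first four text bytes decode to a declared length of more than a gigabyte, which the parser rejects before touching the allocator; a receiver that passed that value straight to `malloc` would behave the way the crash dump describes.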

1 Comment

randaL said:

"The hardest part in reproducing this is the backup software not staying on a predictable port"

This is obviously a _good_ thing as it makes it more difficult for black hats to exploit this vulnerability. Since they would have to probe systems, it seems reasonable that network monitoring software could deny the IP before a corrupt packet could be sent.

r.


About this Entry

This page contains a single entry by Roger published on April 12, 2008 9:35 PM.
