Our vulnerability scanner is causing the server backup software we use to crash.
After examining a crash dump, a developer for the backup software replied
“Looking at the logs it we are getting some corrupted packets and that is causing the
to try to allocate huge memory and that is the reason for the failure.
Does this security scanner corrupt our packets to test some of its features? If yes then they will have to stop it.”
While not sending corrupt packets would stop the crashing, I’m not sure a bad guy would be so kind as to respect that request. I also wonder if there is a remote exploit in this defect.
To take it out of the realm of the vulnerability scanner, I used nmap’s service fingerprint option to crash the service. Reviewing the packets with Wireshark shows that nmap with the -sV option set is also throwing a corrupt packet. The hardest part in reproducing this is the backup software not staying on a predictable port.
Vulnerabilities in backup software are frequently targeted. Backup software often runs with full admin or system rights. Exploiting vulnerabilities in backup software can lead to information disclosure or an attacker fully compromising important servers. SANS has backup software vulnerabilities in the SANS Top 20 list.
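
The developer's description (unexpected bytes leading to a huge allocation) matches a common defect class: a length field read from the network and trusted before allocating. The C below is an added example, not code from this post or from the backup vendor; the 4-byte big-endian length header, the 1 MiB limit, the function names and both sample inputs are assumptions made for illustration. It shows how a plain text probe reads as a request for over a gigabyte, and a parser that rejects it before allocating.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     4u
#define MAX_PAYLOAD (1u << 20)   /* assumed protocol limit: 1 MiB */

enum { FRAME_OK = 0, FRAME_SHORT = -1, FRAME_TOO_BIG = -2,
       FRAME_TRUNCATED = -3, FRAME_NOMEM = -4 };

/* Constructed inputs: a well-formed frame, and the kind of text probe a
 * service fingerprinter sends to a port whose protocol it does not know. */
static const uint8_t GOOD_FRAME[] = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t TEXT_PROBE[] = "GET / HTTP/1.0\r\n\r\n";

/* Length the sender claims: first four bytes, big-endian.
 * For TEXT_PROBE this is "GET " = 0x47455420, about 1.1 GiB. */
static uint32_t claimed_len(const uint8_t *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Hardened parse: the claimed length is untrusted until it has been checked
 * against the protocol limit and against the bytes actually received.
 * On FRAME_OK, *out is a malloc'd copy of the payload (caller frees). */
static int parse_frame(const uint8_t *buf, size_t n, uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (n < HDR_LEN)
        return FRAME_SHORT;
    uint32_t len = claimed_len(buf);
    if (len > MAX_PAYLOAD)            /* reject before any allocation */
        return FRAME_TOO_BIG;
    if ((size_t)len > n - HDR_LEN)    /* header promises more than arrived */
        return FRAME_TRUNCATED;
    uint8_t *p = malloc(len ? len : 1);
    if (p == NULL)                    /* report failure instead of crashing */
        return FRAME_NOMEM;
    memcpy(p, buf + HDR_LEN, len);
    *out = p;
    *out_len = len;
    return FRAME_OK;
}

int main(void)
{
    uint8_t *p; size_t len;
    int rc = parse_frame(TEXT_PROBE, sizeof TEXT_PROBE - 1, &p, &len);
    free(p);
    return rc == FRAME_TOO_BIG ? 0 : 1;
}
```

A service that drops the connection on any non-OK status survives scanner and fingerprinting traffic regardless of who sends it.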