2 security problem Quantum SNAP server
Problem first discoverd:2001.8.10
Discoverd by: awacs_at_hawkeye
Published: 2002.5.30
I had found 2 security problem on Quantum SNAP server.
(SNAP server is Network Area Strage server.)
Tested machine SNAPserver4100/160G
Problem 1 : incleasing sequence number.
I had fingerprinted about TCP/IP protocol stack,
and this results,I think SNAP server's OS is *BSD.
And, This OS's TCP sequence number was added 800
to previous number simply.
So, it's easy to spoof IP connection.
Problem 2 : DoS attack by fragment packet.
When I searched open port, I used nmap with -f option.
And some minuites after run nmap, SNAP server is down.
I searched bugtraq archive, I found this article.
http://www.securityfocus.com/archive/1/187411
>From this article, NetBSD had vulnerability, and I think
SNAP server had same problem.
Solution
Use firewall(or other protect method) to protect against malicious user(s).
Or ask vender:-)
Vender status
I reported this problem to Quantum's japanese region,
and I recieved answer.
He said," We will print about this problem on WWW.
and next version of SNAPserver, We will change OS from BSD to Linux.
So, please wait to release advisory until the next year(2002)."
After this comment, I don't get any infomation from vender.
I don't know whether it was revised or not.
But it's time to disclose this.
Thanks Mr.X on Quantum's japanese region.
and sorry my poor English.
awacs_at_hawkeye
Received on May 30 2002
Intro
