Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3016
HistoryMay 31, 2002 - 12:00 a.m.

2 security problem Quantum SNAP server

2002-05-3100:00:00
vulners.com
8
JSON

2 security problem Quantum SNAP server

Problem first discoverd:2001.8.10
Discoverd by: awacs@hawkeye
Published: 2002.5.30

I had found 2 security problem on Quantum SNAP server.
(SNAP server is Network Area Strage server.)

Tested machine SNAPserver4100/160G

Problem 1 : incleasing sequence number.
I had fingerprinted about TCP/IP protocol stack,
and this results,I think SNAP server's OS is *BSD.
And, This OS's TCP sequence number was added 800
to previous number simply.
So, it's easy to spoof IP connection.

Problem 2 : DoS attack by fragment packet.
When I searched open port, I used nmap with -f option.
And some minuites after run nmap, SNAP server is down.
I searched bugtraq archive, I found this article.
http://www.securityfocus.com/archive/1/187411

>From this article, NetBSD had vulnerability, and I think
SNAP server had same problem.

Solution
Use firewall(or other protect method) to protect against malicious user(s).
Or ask vender:-)

Vender status
I reported this problem to Quantum's japanese region,
and I recieved answer.
He said," We will print about this problem on WWW.
and next version of SNAPserver, We will change OS from BSD to Linux.
So, please wait to release advisory until the next year(2002)."
After this comment, I don't get any infomation from vender.
I don't know whether it was revised or not.

But it's time to disclose this.

Thanks Mr.X on Quantum's japanese region.
and sorry my poor English.

awacs@hawkeye

JSON