2 security problem Quantum SNAP server Problem first discoverd:2001.8.10 Discoverd by: awacs@hawkeye Published: 2002.5.30 I had found 2 security problem on Quantum SNAP server. (SNAP server is Network Area Strage server.) Tested machine SNAPserver4100/160G Problem 1 : incleasing sequence number. I had fingerprinted about TCP/IP protocol stack, and this results,I think SNAP server's OS is *BSD. And, This OS's TCP sequence number was added 800 to previous number simply. So, it's easy to spoof IP connection. Problem 2 : DoS attack by fragment packet. When I searched open port, I used nmap with -f option. And some minuites after run nmap, SNAP server is down. I searched bugtraq archive, I found this article. http://www.securityfocus.com/archive/1/187411 From this article, NetBSD had vulnerability, and I think SNAP server had same problem. Solution Use firewall(or other protect method) to protect against malicious user(s). Or ask vender:-) Vender status I reported this problem to Quantum's japanese region, and I recieved answer. He said," We will print about this problem on WWW. and next version of SNAPserver, We will change OS from BSD to Linux. So, please wait to release advisory until the next year(2002)." After this comment, I don't get any infomation from vender. I don't know whether it was revised or not. But it's time to disclose this. Thanks Mr.X on Quantum's japanese region. and sorry my poor English. awacs@hawkeye
This archive was generated by hypermail 2b30 : Thu May 30 2002 - 10:38:56 PDT