Scan against Enterasys SSR8000 crash the system

From: Mella Marco (m.mellaat_private)
Date: Fri Sep 13 2002 - 02:44:31 PDT

Next message: Martin Schulze: "[SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows"

Previous message: Gossi The Dog: "Re: Bypassing SMTP Content Protection with a Flick of a Button"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The SSR8000 (Smart Switch Router) listening on tcp ports 15077 and 15078,
this ports are used for MPS code.
For more information about ATM MPOA Server (MPS) :

	http://www.enterasys.com/support/techtips/tk0659-9.html

  
Sending few packets on tcp ports 15077 and 15078 against SSR8000 with
firmware E8.2.0.0, and E8.3.0.4 the system go down.

Test 1
  From Linux-pc (IP 10.2.1.2) to SSR " nmap -PT 10.2.1.1 -p '15077-15078' "
single scan
Result
  No Crash

Test 2
  If we do two test “ nmap -PT 10.2.1.1 -p '15077-15078'” in same time or in
few time
Result
  CPU at 1%
  System go down


Solution
Temporary solution: ACL for denies any access to ports 15077 15078 from any
interfaces

Definitive solution: Upgrade the firmware of SSR to 8.3.0.10 or greater 

Notes
probably the problem is present on other versions with firmware previous to
version 8.3.0.10

Marco
mail: m.mellaat_private

Next message: Martin Schulze: "[SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows"
Previous message: Gossi The Dog: "Re: Bypassing SMTP Content Protection with a Flick of a Button"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 08:09:20 PDT