IBM WebSphere DataPower Security Gateway Can Be Crashed By Remote Users
SecurityTracker Alert ID: 1021547
SecurityTracker URL: http://securitytracker.com/id?1021547
CVE Reference: CVE-2009-0120
Updated: Jan 29 2009
Original Entry Date: Jan 8 2009
Impact: Denial of service via network
Fix Available: Yes
Exploit Included: Yes
Version(s): 3.6.1.5; possibly other versions
Description: A vulnerability was reported in IBM WebSphere DataPower XS40. A remote user can cause denial of service conditions.
A remote user can send specially crafted data over an SSL connection to cause the target device to crash and reboot.
erik at psafe.nl reported this vulnerability.
Impact: A remote user can cause the target device to crash.
Solution: The report indicates that a fix is included in 3.6.1.12.
Vendor URL: www.ibm.com/
Cause: State error
Reported By: erik@psafe.nl
Message History:
None.
Source Message Contents
Date: Thu, 8 Jan 2009 03:14:51 -0700
From: erik@psafe.nl
Subject: [IBM Datapower XS40] Denial of Service
It appears it is possible to crash the IBM DataPower XS40 Security Gateway device by sending a simple (random?) string to it, over an established SSL connection. The device reboots as a response to the input.
Tested vulnerable firmware is 3.6.1.5.
Issue fixed as tested in 3.6.1.12.
Tested as follows (entered attack string is 'abc' in this case):
openssl s_client -connect [IP]:[port]
Loading 'screen' into random state - done
CONNECTED(0000078C)
..
---
abc [enter][enter]
read:errno=0
After this, the device crashes and reboots.