AS/400 Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: AS/400 Vulnerabilities
From: Jon Kibler <Jon.Kibler@xxxxxxxx>
Date: Thu, 12 Jun 2008 14:53:38 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Openpgp: id=CF394253
Organization: Advanced Systems Engineering Technology, Inc.
Reply-to: Jon.Kibler@xxxxxxxx
User-agent: Thunderbird 2.0.0.14 (Macintosh/20080421)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Have you ever nmap-ed a network with AS/400s? If you have, you probably
know that doing so will, in at least half the cases, either crash the
box, hang up one or more services, or really confuse the IP stack to the
point that the box almost screeches to a halt.

Given that those boxes are so brittle to even simple network scans, it
would seem that they would have to be full of exploitable
vulnerabilities. If nothing else, a few custom packets should be able to
DoS a box.

However, if you search for AS/400 vulnerabilities, you find only about a
dozen, and most are years old. Nessus only checks for one.

Since these boxes are a common part of small to medium size business
infrastructure (especially in manufacturing or organizations that have
used computers for over 25 years), it looks like they would be ripe for
exploitation.

This raises a couple of questions:
  1) Is anyone really doing any vulnerability research in this area?

  2) Are the boxes really just unstable to malformed network data, but
not exploitable?

THANKS!
Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhRcLIACgkQUVxQRc85QlNhrACfdG7tlp2HbDmnnIAiQS0ROZF0
CakAn0J0VdEQBhICnxXK5MV/nmiGQGhQ
=FuL1
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

Follow-Ups:
- Re: Summary of AS/400 Vulnerability Information
  - From: Jon Kibler
- Re: AS/400 Vulnerabilities
  - From: security curmudgeon
- RE: AS/400 Vulnerabilities
  - From: Michael Wojcik

Prev by Date: [USN-616-1] X.org vulnerabilities
Next by Date: Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)
Previous by thread: [USN-616-1] X.org vulnerabilities
Next by thread: RE: AS/400 Vulnerabilities
Index(es):
- Date
- Thread