Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

HP StorageWorks P2000 G3 MSA hardcoded user

Published: 2010-12-15
Last Updated: 2010-12-17 01:28:22 UTC
by Manuel Humberto Santander Pelaez (Version: 2)
1 comment(s)

An encoded user was identified in the HP StorageWorks MSA G3 P2000, which does not appear in the user management system, which allows an attacker to access sensitive information stored on the device and other connected systems.

Username: admin

Password: !admin

It is difficult to make any forecast on this type of vulnerability, we recommend maintaining security baselines for all the infrastructure implemented in accordance with the recommendations of each manufacturer. Thus, we can manage the risks arising from use of these platforms without affecting performance or the result of business processes.

More information at http://www.securityweek.com/backdoor-vulnerability-discovered-hp-msa2000-storage-systems.

UPDATE (Joel):  HP has posted a fix at: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02662287

(Thanks to "jt" in the comments)

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

1 comment(s)

OpenBSD IPSec "Backdoor"

Published: 2010-12-15
Last Updated: 2010-12-15 16:21:23 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

We received plenty of e-mail alerting us of a mailing list post [1] alleging a backdoor in the Open BSD IPSec code. The story is too good to pass up and repeated on twitter and other media. However, aside from the mailing list post, there is little if any hard evidence of such a backdoor. The code in question is 10 years old. Since then, it has been changed, extended, patched and copied many times. I personally do not have the time nor the skill to audit code of the complexity found in modern crypto implementations. But my gut feeling is that this is FUD if not an outright fraud.

Keep using VPNs, if you are worried, limit the crypto algorithms used to more modern once. It is always a good idea to build additional defensive layers and review configurations from time to time. But at some point, you have to decide who you trust in this game and how paranoid you can afford to be.

[1] http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: backdoor FBI openbsd
1 comment(s)

Vulnerability in the PDF distiller of the BlackBerry Attachment Service

Published: 2010-12-15
Last Updated: 2010-12-15 15:53:21 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

One of the service components inside BlackBerry Enterprise Server is the BlackBerry Attachment Service, which retrieves and converts attachments from Word, Excel, PowerPoint, WordPerfect, PDF, ASCII documents, HTML attachments, JPG, BMP, GIF, PNG and TIFF images and file types listed above archived in .zip format documents to the Universal Content Stream format for BlackBerry device. The specific component that handles PDF files is the PDF distiller, which could allow arbitrary code execution on the computer that hosts the BlackBerry Attachment Service due to buffer overflow errors.

PDF vulnerabilities have become very common and it is important that all those who have services with programs that depend on this format place additional controls to minimize the risk of malware and buffer overflows in the infrastructure.

More information at http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

0 comment(s)
Diary Archives