Datacenters and Directory Traversals
We got a couple of interesting emails late in the shift today so I thought I'd lump them into one diary.
Tommy asked, "What happens when a SANS-taught security guy builds a datacenter?" You have to see this to believe it. He used a former class III safety deposit bank vault and put photos of the construction online at http://www.tylervault.com/how.htm. Nice job!
Ron told us that he "wrote an Nmap script this week to detect a VMware vulnerability, CVE-2009-3733. It's a nasty one because it's trivial to exploit and potentially incredibly damaging (you can download any file from the filesystem)." The details of the vulnerability were released last weekend at Shmoocon. It's a directory traversal issue - remember them? I thought we figured out ten years ago that this was a Bad Thing™. I guess VMware didn't get the message. Ron's Nmap script and a description of the issue are at http://www.skullsecurity.org/blog/?p=436.
Marcus H. Sachs
Director, SANS Internet Storm Center