Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Datacenters and Directory Traversals - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Datacenters and Directory Traversals

We got a couple of interesting emails late in the shift today so I thought I'd lump them into one diary.

Tommy asked, "What happens when a SANS taught security guy builds a datacenter?"  You have to see this to believe it.  He used a former class III safety deposit bank vault and put photos of the construction online at http://www.tylervault.com/how.htm.  Nice job!

Ron told us that he "wrote an Nmap script this week to detect a VMWare vulnerability, CVE-2009-3733. It's a nasty one because it's trivial to exploit and potentially incredibly damaging (you can download any file from the filesystem)."  The details of the vulnerability were released last weekend at Shmoocon.  It's a directory traversal issue - remember them?  I thought we figured out ten years ago that this was a Bad ThingTM.  I guess VMWare didn't get the message.  Ron's Nmap script and a description of the issue is at
http://www.skullsecurity.org/blog/?p=441.

Marcus H. Sachs
Director, SANS Internet Storm Center

Marcus

301 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!