Bugtraq mailing list archives

Re: NetApp Filer software versions 5.x: potential hardware killer

From: james () ICAN NET (James FitzGibbon)
Date: Sat, 13 Feb 1999 14:04:55 -0500


On Fri, 12 Feb 1999, Kragen Sitaker wrote:

Once you'd found infected machines, you could exert complete control
over them.  A particularly obnoxious possibility: you could insert
"logic bombs" into the disk firmware that would activate only when
certain (long and rather improbable, perhaps a few hundred bytes) were
read from the disk.  Then spam people with a .gif containing that
sequence, along with steganographically-encoded machine code.  They
extract the .gif onto their disk, nicely aligned with the beginning of
a sector, and load it up with Netscape.


I think it's important to keep this particular exploit in perspective; an
admin who didn't secure the network the filer was connected to is probably
going to get hit with a much more prevalent DoS or exploit before someone
goes to the trouble of rewriting their firmware.  The amount of
information you'd need to do that is just slightly above writing root
shell exploits when you don't know the architecture you're trying to
attack.

The point on firmware does hold true though.  I think that what we're
seeing here (and will likely continue to see as more appliances hit the
market) is easier administration at the cost of security.  I'll grant that
that is a sweeping statement, but anytime you reduce the core
functionality of a machine to do "just one thing", you lose out on the
flexibiltiy side, and that often includes security.

What NetApp admin wouldn't like to compile up a copy of SSH for their
filer and turn off telnet ?  If the NFS server was a full unix server,
that's a 10 minute task.  With NetApp, the crypto-export laws make it a
two-year plus 10 minute task.

I guess it all comes down to the individual admin.  Do you want a box that
you plug in, configure and leave alone even if it costs you on security,
or do you want a full *nix box that will be very secure, but that you'll
have to keep tabs on every day ?

--
j.

James FitzGibbon                                                james () ican net
System Engineer, ACC Global Net                   Voice/Fax (416)207-7171/7610

Current thread:

Re: NetApp Filer software versions 5.x: potential hardware killer Daniel Quinlan (Feb 12)
- Re: NetApp Filer software versions 5.x: potential hardware killer Kragen Sitaker (Feb 12)
  - Re: NetApp Filer software versions 5.x: potential hardware killer James FitzGibbon (Feb 13)
  - firmware upgrades (Was: Re: NetApp Filer software versions...) Pavel Kankovsky (Feb 15)
  - RedHat sysklogd vulnerability Cory Visi (Feb 15)
- <Possible follow-ups>
- Re: NetApp Filer software versions 5.x: potential hardware killer der Mouse (Feb 13)