Bugtraq mailing list archives
Re: NetApp Filer software versions 5.x: potential hardware killer
From: james () ICAN NET (James FitzGibbon)
Date: Sat, 13 Feb 1999 14:04:55 -0500
On Fri, 12 Feb 1999, Kragen Sitaker wrote:
Once you'd found infected machines, you could exert complete control over them. A particularly obnoxious possibility: you could insert "logic bombs" into the disk firmware that would activate only when certain (long and rather improbable, perhaps a few hundred bytes) were read from the disk. Then spam people with a .gif containing that sequence, along with steganographically-encoded machine code. They extract the .gif onto their disk, nicely aligned with the beginning of a sector, and load it up with Netscape.
I think it's important to keep this particular exploit in perspective; an admin who didn't secure the network the filer was connected to is probably going to get hit with a much more prevalent DoS or exploit before someone goes to the trouble of rewriting their firmware. The amount of information you'd need to do that is just slightly above writing root shell exploits when you don't know the architecture you're trying to attack. The point on firmware does hold true though. I think that what we're seeing here (and will likely continue to see as more appliances hit the market) is easier administration at the cost of security. I'll grant that that is a sweeping statement, but anytime you reduce the core functionality of a machine to do "just one thing", you lose out on the flexibiltiy side, and that often includes security. What NetApp admin wouldn't like to compile up a copy of SSH for their filer and turn off telnet ? If the NFS server was a full unix server, that's a 10 minute task. With NetApp, the crypto-export laws make it a two-year plus 10 minute task. I guess it all comes down to the individual admin. Do you want a box that you plug in, configure and leave alone even if it costs you on security, or do you want a full *nix box that will be very secure, but that you'll have to keep tabs on every day ? -- j. James FitzGibbon james () ican net System Engineer, ACC Global Net Voice/Fax (416)207-7171/7610
Current thread:
- Re: NetApp Filer software versions 5.x: potential hardware killer Daniel Quinlan (Feb 12)
- Re: NetApp Filer software versions 5.x: potential hardware killer Kragen Sitaker (Feb 12)
- Re: NetApp Filer software versions 5.x: potential hardware killer James FitzGibbon (Feb 13)
- firmware upgrades (Was: Re: NetApp Filer software versions...) Pavel Kankovsky (Feb 15)
- RedHat sysklogd vulnerability Cory Visi (Feb 15)
- <Possible follow-ups>
- Re: NetApp Filer software versions 5.x: potential hardware killer der Mouse (Feb 13)
- Re: NetApp Filer software versions 5.x: potential hardware killer Kragen Sitaker (Feb 12)