Innovation Data Processing FDR Port Scan DoS

2009-10-20 / 2009-10-21
Credit: Anonymous
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Częściowy

Title: Innovation Data Processing FDR Port Scan DoS Release Date: 2009-10-14 Application: Innovation Data Processing FDR <unknown> Cross Ref: CVE-2006-6404, OSVDB 30782 Description: ------------ Innovation Data Processing's FDR Backup application is prone to a denial of service (DoS) condition. The loss of service can occur when the application is scanned with a common port scan utility (such as Nmap). When the application receives a typical TCP based port scan, it may stop accepting incoming connections and fail to process legitimate requests for backup. Product Details: ---------------- Vendor: Innovation Data Processing Product: FDR Version: <unknown> Proof of Concept: ----------------- # nmap -sS -p 1-65535 [target] Solution: --------- FDR tested this on all current products at the time of reporting and could not reproduce the issue. Upgrade to the latest version of FDR, as it properly handles port scan activity. Disclosure Timeline: -------------------- 2005-04-15: Vulnerability Discovered 2007-02-28: Disclosed to Vendor via e-mail to support@fdrinnovation.com CVE: ---- This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE Candidate CVE-2006-6404 to this issue. References: ----------- OSVDB: http://osvdb.org/30782 Vendor: http://www.innovationdp.fdr.com/products/fdr/fdr.cfm Nmap: http://insecure.org/nmap/ DoS Information: http://en.wikipedia.org/wiki/Denial-of-service_attack Credit: ------- Anonymous

Referencje:

http://www.osvdb.org/30782
http://osvdb.org/ref/30/30782-fdr_portscan.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top