Innovation Data Processing FDR Port Scan DoS

2009-10-20 / 2009-10-21
Credit: Anonymous
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Title: Innovation Data Processing FDR Port Scan DoS
Release Date: 2009-10-14
Application: Innovation Data Processing FDR <unknown>
Cross Ref: CVE-2006-6404, OSVDB 30782

Description:
------------
Innovation Data Processing's FDR Backup application is prone to a denial of service (DoS) condition. The loss of service can occur when the application is scanned with a common port scan utility (such as Nmap). When the application receives a typical TCP based port scan, it may stop accepting incoming connections and fail to process legitimate requests for backup.

Product Details:
----------------
Vendor: Innovation Data Processing
Product: FDR
Version: <unknown>

Proof of Concept:
-----------------
# nmap -sS -p 1-65535 [target]

Solution:
---------
FDR tested this on all current products at the time of reporting and could not reproduce the issue. Upgrade to the latest version of FDR, as it properly handles port scan activity.

Disclosure Timeline:
--------------------
2005-04-15: Vulnerability Discovered
2007-02-28: Disclosed to Vendor via e-mail to support@fdrinnovation.com

CVE:
----
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE Candidate CVE-2006-6404 to this issue.

References:
-----------
OSVDB: http://osvdb.org/30782
Vendor: http://www.innovationdp.fdr.com/products/fdr/fdr.cfm
Nmap: http://insecure.org/nmap/
DoS Information: http://en.wikipedia.org/wiki/Denial-of-service_attack

Credit:
-------
Anonymous

References:

http://www.osvdb.org/30782
http://osvdb.org/ref/30/30782-fdr_portscan.txt
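
Detection sketch for the condition described above, added here as an example and not part of the original advisory: it flags a source that sends half-open probes to many ports on one host, then checks whether legitimate clients of the backup listener start timing out afterwards. The event tuple layout, the thresholds, the addresses and `BACKUP_PORT` are assumptions; the advisory does not name the port FDR listens on.

```python
from collections import defaultdict

BACKUP_PORT = 9999  # placeholder: the advisory does not state the FDR listener port

def sample_events():
    """Constructed flow records: (epoch_seconds, src, dst, dst_port, outcome)."""
    ev = [(900, "198.51.100.20", "198.51.100.10", BACKUP_PORT, "established")]
    # One source sending half-open probes to 200 ports in about 20 seconds.
    ev += [(1000 + p // 10, "192.0.2.50", "198.51.100.10", p, "syn_only") for p in range(1, 201)]
    # The regular backup client no longer gets an answer after the sweep.
    ev += [(1100, "198.51.100.20", "198.51.100.10", BACKUP_PORT, "timeout")]
    # A source touching three ports on another host: below the scan threshold.
    ev += [(1000, "198.51.100.21", "198.51.100.11", p, "syn_only") for p in (22, 80, 443)]
    return ev

def find_scans(events, min_ports=100, window=60):
    """Map (src, dst) to the time src had probed min_ports distinct ports within window seconds."""
    probes = defaultdict(list)
    for ts, src, dst, port, outcome in events:
        if outcome == "syn_only":
            probes[(src, dst)].append((ts, port))
    scans = {}
    for key, hits in probes.items():
        hits.sort()
        counts, left = defaultdict(int), 0
        for ts, port in hits:
            counts[port] += 1
            while hits[left][0] < ts - window:  # evict probes older than the window
                old = hits[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            if len(counts) >= min_ports:
                scans[key] = ts
                break
    return scans

def outages_after_scan(events, scans, service_port, grace=300):
    """Map scanned host to (scanner, first client timeout on service_port within grace seconds)."""
    affected = {}
    for ts, src, dst, port, outcome in sorted(events):
        if port != service_port or outcome != "timeout":
            continue
        for (scanner, target), scan_ts in scans.items():
            if target == dst and src != scanner and scan_ts <= ts <= scan_ts + grace:
                affected.setdefault(dst, (scanner, ts))
    return affected

if __name__ == "__main__":
    print(outages_after_scan(sample_events(), find_scans(sample_events()), BACKUP_PORT))
```

A hit from `outages_after_scan` is a correlation to investigate, not proof that the scan caused the outage.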

