Core Security Technologies Discovers Vulnerability in IBM SolidDB Memory Caching Software.


Widespread Use of SolidDB in Other Vendors' Products Broadens Scope of DoS Vulnerability

BOSTON -- Core Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, today issued an advisory disclosing a vulnerability that could affect large numbers of organizations using IBM's SolidDB relational database management system, as well as those organizations using the many third party products in which the IBM technology has been integrated.

A vulnerability researcher working in CoreLabs, the research arm of Core Security Technologies, found that by sending certain packets of information to systems using SolidDB it is possible to trigger a non-recoverable error in the program and thus terminate related server processes, creating the potential for remote denial-of-service (DoS) attacks. As a result, many other products that utilize SolidDB are also vulnerable to the same type of compromise.

IBM issued a SolidDB update that addresses the vulnerability (SolidDB/Universal Cache 6.3 Fix Pack 3) on Nov. 13, 2009. The vendor claims that there are currently over 3 million deployments of SolidDB in various telecommunications networks, enterprise applications, and embedded software and systems, including use in products made by Cisco, HP, Alcatel, and Nokia Siemens.

In a related announcement, HP issued a security advisory addressing a vulnerability in the database server core component of its OpenView Network Node Manager. CoreLabs researchers first discovered the involved HP NNM vulnerability and reported it to the vendor as well.

CoreLabs researcher Damian Frizza is credited with discovering the SolidDB vulnerability.

"One of the important issues highlighted by this discovery is how vulnerabilities resident in these types of technologies that are widely used in other products can have a chain reaction in exposing large numbers of organizations to potential attacks," said Ivan Arce, CTO of Core Security Technologies. "This is one of the main reasons why it is so important for technology partners to have dedicated vulnerability and security response processes in place when they license each other's products - to ensure that all affected end users can be advised of any problems as soon as possible when the issues are discovered to help protect themselves."

Vulnerability Specifics

CoreLabs initially discovered the vulnerability in IBM SolidDB as part of its ongoing research efforts into security issues found in other products that utilize the in-memory caching software, namely HP OpenView NNM. The DoS flaw specifically affects IBM SolidDB Server versions 6.30.0.29 and 6.30.0.33. Other versions may also be vulnerable but were not tested by Core.

The IBM SolidDB product family consists of relational, in-memory database technology that promises to accelerate the speed and performance of database applications via the use of SQL coding.

In addition to use in third party technologies, the in-memory database is also leveraged as a core component of IBM's SolidDB Universal Cache, a performance improvement application for relational databases such as IBM DB2, Microsoft SQL Server, Oracle and Informix products.

CoreLabs researchers discovered a remotely exploitable vulnerability in the database server core component of SolidDB. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial-of-service of the database service.

Specifically, the IBM SolidDB server listens for and accepts remote connections on port 2315/tcp. The service is implemented by 'solid.exe', which is started automatically when the program boots. For certain transactions, upon receiving a packet from the network the service will attempt to determine and display an error code string based on an error code number specified in the packet.

By sending a specially crafted packet with an invalid error code number it is possible to trigger an exception that forces abnormal termination of the involved SolidDB service.

Based on CoreLabs' research it appears unlikely that the vulnerability could be exploited for anything other than remote DoS attacks.
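The advisory describes an error-code lookup driven by a number taken straight from the packet. The following is an added illustrative example, not IBM's SolidDB source or Core's advisory code, of the defensive pattern that prevents this class of crash: the wire value is parsed with a length check and validated against the size of the string table before it is used as an index. The 4-byte big-endian error-code field and the table contents are constructed assumptions.

```c
/* Added illustrative example: hardened handling of a client-supplied
 * error code number. Not SolidDB's actual code or packet format; the
 * 4-byte big-endian code field and the table below are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

static const char *const ERROR_STRINGS[] = {
    "no error",
    "syntax error",
    "table not found",
    "connection refused",
};
#define ERROR_STRING_COUNT (sizeof ERROR_STRINGS / sizeof ERROR_STRINGS[0])

/* The unchecked pattern the advisory warns about would be
 *     return ERROR_STRINGS[code];
 * with no range test: an out-of-range code reads outside the table and
 * raises the kind of unhandled exception that terminates the service.
 * Hardened lookup: an unknown code maps to a fixed generic string. */
const char *lookup_error_string(uint32_t code) {
    if (code >= ERROR_STRING_COUNT)
        return "unknown error code";
    return ERROR_STRINGS[code];
}

/* Parses the constructed packet format. Returns 0 on success, -1 when
 * the packet is too short to hold a code, so no byte past len is read. */
int parse_error_code(const uint8_t *pkt, size_t len, uint32_t *code) {
    if (pkt == NULL || code == NULL || len < 4)
        return -1;
    *code = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
            ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
    return 0;
}

/* Request handler: malformed or out-of-range input yields a message
 * the server can log or return, never a fault that kills the process. */
const char *handle_error_packet(const uint8_t *pkt, size_t len) {
    uint32_t code;
    if (parse_error_code(pkt, len, &code) != 0)
        return "malformed packet";
    return lookup_error_string(code);
}
```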

IBM's SolidDB/Universal Cache 6.3 Fix Pack 3 which addresses the DoS problem is available at: http://www-01.ibm.com/support/docview.wss?rs=0&q1=solidb&uid=swg24024510

For more information on this vulnerability and the systems affected, please visit: http://www.coresecurity.com/content/ibm-soliddb-errorcode-dos

About CoreLabs

CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. Research is conducted in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing and cryptography. Results from these efforts include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies.

CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/.

About Core Security Technologies

Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company's CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.
COPYRIGHT 2009 Business Wire

Publication:Business Wire
Date:Nov 18, 2009