bugtraq June 2008 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: AS/400 Vulnerabilities

AS/400 Vulnerabilities

From: Jon Kibler <Jon.Kibler_at_nospam>
Date: Thu Jun 12 2008 - 18:53:38 GMT
To: bugtraq@securityfocus.com


Hash: SHA1


Have you ever nmap-ed a network with AS/400s? If you have, you probably know that doing so will, in at least half the cases, either crash the box, hang up one or more services, or really confuse the IP stack to the point that the box almost screeches to a halt.

Given that those boxes are so brittle to even simple network scans, it would seem that they would have to be full of exploitable vulnerabilities. If nothing else, a few custom packets should be able to DoS a box.

However, if you search for AS/400 vulnerabilities, you find only about a dozen, and most are years old. Nessus only checks for one.

Since these boxes are a common part of small to medium size business infrastructure (especially in manufacturing or organizations that have used computers for over 25 years), it looks like they would be ripe for exploitation.

This raises a couple of questions:

  1. Is anyone really doing any vulnerability research in this area?
  2. Are the boxes really just unstable to malformed network data, but not exploitable?

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.