Bugtraq mailing list archives
Re: NetApp Filer software versions 5.x: potential hardware killer
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Sat, 13 Feb 1999 10:01:46 -0500
But now, apparently new with the 5.x revisions of the filer operating system, a malicious individual can likely destroy the disk drive hardware itself.
On reflection, this is really a bug in the disk drive. If a NetApp can shove new firmware into the drive, so could any host it's connected to.
How is this different from any host (Unix, Windows, DOS, network equipment) that has one or more components with upgradeable firmware?
In my opinion, it isn't fundamentally different. If I saw, for example, a machine with flashable "PROM" code that *didn't* require some physical change - eg, a jumper on the board - to enable that functionality, I wouldn't go near the thing. Any drive that allows its host to download new firmware without some documented hard means of disabling this capability (typically a jumper on the drive) is just *asking* for trouble. NetApp is not the problem. Given knowledge of the relevant commands to the drive, any of the free-source OSes could become just as dangerous. NetApp is contributing only in that they make it a little easier to shove new firmware into a drive.
If I recall correctly, the procedure goes something like this: after the new firmware has completed uploading, the checksum is verified and/or it is tested in other ways (there is room for both the old and new copies, I guess), and only then will the disk switch over to the new firmware using some atomic operation.
So it may be true that someone could construct an evil firmware that also passes muster (it may be difficult to do this -- I don't know),
"I guess" - "may be true" - "I don't know". This sounds a whole lot like something bugtraq has seen many times before, a flavor of security-through-obscurity: a device with a capability that has unpleasant security implications that is rendered "secure" (note the quotes) by keeping that capability secret. I recall this most recently with router boxes that have "secret" backdoor passwords, but this is not fundamentally different.
and upon gaining root access to your filer, instead of zeroing all of your disks, they turn your disks into bricks.
Mind you, I have trouble imagining what an attacker would want to do to your drives except turning them into bricks (ie, a DOS attack) - but I am not the least bit sure nobody will think of something fiendish that I haven't thought of.
To be honest, I don't know how irrecoverable today's disks are when a bad firmware is uploaded.
Mm-hmm. More undocumented aspects of common hardware. Seagate, Quantum, etc: any of you present on bugtraq? Any of you care to speak up and document these aspects of your drives? Or if you *are* using a standardized capability, point to where it's documented? der Mouse mouse () rodents montreal qc ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Re: NetApp Filer software versions 5.x: potential hardware killer Daniel Quinlan (Feb 12)
- Re: NetApp Filer software versions 5.x: potential hardware killer Kragen Sitaker (Feb 12)
- Re: NetApp Filer software versions 5.x: potential hardware killer James FitzGibbon (Feb 13)
- firmware upgrades (Was: Re: NetApp Filer software versions...) Pavel Kankovsky (Feb 15)
- RedHat sysklogd vulnerability Cory Visi (Feb 15)
- <Possible follow-ups>
- Re: NetApp Filer software versions 5.x: potential hardware killer der Mouse (Feb 13)
- Re: NetApp Filer software versions 5.x: potential hardware killer Kragen Sitaker (Feb 12)