DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 15th December 2010
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,052
Thanked 118 Times in 93 Posts
Default BACKDOR in storage array by HP, in P2000/MSA2000 G3 model

http://www.geek.com/articles/chips/s...rays-20101214/

Quote:
If you do happen to use on at your place of work, you should be aware of a recent discovery that there is a hidden user on each of these boxes that does not show up in the user manager.

This admin user, with a password of !admin, can’t be changed in any way, including the password, since they do not show up in user manager. This is the kind of backdoor that would cripple any business that relied on secure networked storage, should your network be discovered by someone malicious.

Hopefully there is an update HP can deploy en masse that could resolve such a backdoor, but for now it is a problem that all HP MSA2000 G3 owners should be aware of.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
  #2   (View Single Post)  
Old 16th December 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,154
Thanked 182 Times in 149 Posts
Default

For an update see http://www.h-online.com/security/new...e-1154257.html
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 17th December 2010
vermaden's Avatar
vermaden vermaden is offline
Administrator
 
Join Date: Apr 2008
Location: pl_PL.lodz
Posts: 1,052
Thanked 118 Times in 93 Posts
Default

Thanks for update mate, we have several of these here.

Quote:
An immediate fix for this issue has been identified and customers are rapidly being informed of the solution.
Well ... thats bullshit since no one from HP contacted us about that case
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
vermaden's: links resources deviantart spreadbsd
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FreeBSD 8, ZFS storage across four disks DraconianTimes FreeBSD General 4 28th February 2011 08:49 PM
STORAGE: benchmarks results (diskinfo) vermaden FreeBSD General 53 28th November 2010 06:06 PM
Hardware Choosing the Right Solid State Drive for Your Storage Network J65nko News 0 6th March 2010 06:04 PM
Need to access FakeRAID-0 Array on New System Weaseal FreeBSD General 2 17th January 2009 03:48 PM
gmirror array broken stukov FreeBSD General 5 15th July 2008 08:45 PM


All times are GMT. The time now is 06:10 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick