Core Security Technologies Discovers Vulnerability in IBM SolidDB Memory Caching Software

CORE SECURITY TECHNOLOGIES DISCOVERS VULNERABILITY IN ibm SOLID db
MEMORY CACHING SOFTWARE

Widespread Use of SolidDB in Other Vendors’ Products Broadens Scope
of DoS Vulnerability

BOSTON, MA – Nov. 18, 2009 - Core Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, today issued an advisory disclosing a vulnerability that could affect large numbers of organizations using IBM’s SolidDB relational database management system, as well as those organizations using the many third party products in which the IBM technology has been integrated.



A vulnerability researcher working in CoreLabs, the research arm of Core Security Technologies, found that by sending certain packets of information to systems using SolidDB it is possible to trigger a non-recoverable error in the program and thus terminate related server processes, creating the potential for remote denial-of-service (DoS) attacks. As a result, many other products that utilize SolidDB are also vulnerable to the same type of compromise.



IBM issued a SolidDB update that addresses the vulnerability (SolidDB/Universal Cache 6.3 Fix Pack 3) on Nov. 13, 2009. The vendor claims that there are currently over 3 million deployments of SolidDB in various telecommunications networks, enterprise applications, and embedded software and systems, including use in products made by Cisco, HP, Alcatel, and Nokia Siemens. 



In a related announcement, HP issued a security advisory addressing a vulnerability in the database server core component of its Openview Network Node Manager. CoreLabs researchers first discovered the involved HP NNM vulnerability and reported it to the vendor as well.



CoreLabs researcher Damian Frizza is credited with discovering the SolidDB vulnerability.



“One of the important issues highlighted by this discovery is how vulnerabilities resident in these types of technologies that are widely used in other products can have a chain reaction in exposing large numbers of organizations to potential attacks,” said Ivan Arce, CTO of Core Security Technologies. “This is one of the main reasons why it is so important for technology partners to have dedicated vulnerability and security response processes in place when they license each others’ products – to ensure that all affected end users can be advised of any problems as soon as possible when the issues are discovered to help protect themselves.”



Vulnerability Specifics

CoreLabs initially discovered the vulnerability in IBM SolidDB as part of its ongoing research efforts into security issues found in other products that utilize the in-memory caching software, namely HP OpenView NMM. The DoS flaw specifically affects IBM SolidDB Server versions 6.30.0.29 and 6.30.0.33. Other versions may also be vulnerable but were not tested by Core.



The IBM SolidDB product family consists of relational, in-memory database technology that promises to accelerate the speed and performance of database applications via the use of SQL coding.



In addition to use in third party technologies, the in-memory database is also leveraged as core component of IBM's SolidDB Universal Cache, a performance improvement application for relational databases such as IBM DB2, Microsoft SQL Server, Oracle and Informix products.



CoreLabs researchers discovered a remotely exploitable vulnerability in the database server core component of SolidDB. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial-of-service of the database service.



Specifically, IBM SolidDB server listens and accepts remote connections on port 2315/tcp. The service is implemented by 'solid.exe' which is started automatically on boot of the program. For certain transactions, upon receiving a packet from the network the service will attempt to determine and display an error code string based on a error code number specified in the packet.

By sending a specially crafted packet with an invalid error code number it is possible to trigger an exception that forces abnormal termination of the involved SolidDB service.

Based on CoreLabs’ research it appears unlikely that the vulnerability could be exploited for anything other than remote DoS attacks.

IBM’s SolidDB/Universal Cache 6.3 Fix Pack 3 which addresses the DoS problem is available at:

http://www-01.ibm.com/support/docview.wss?rs=0&q1=solidb&uid=swg24024510

For more information on this vulnerability and the systems affected, please visit:

http://www.coresecurity.com/content/ibm-soliddb-errorcode-dos

About CoreLabs

CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. Research is conducted in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing and cryptography. Results from these efforts include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies.

CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at:  http://www.coresecurity.com/corelabs/.



About Core Security Technologies

Core Security Technologies is the leader in commercial-grade penetration testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk and assure security effectiveness. The company’s CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company’s Security Consulting Services, CoreLabs and Engineering groups. Based in Boston, Mass. and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at: http://www.coresecurity.com.



Contacts:

Tim Whitman or Megan Prock

Schwartz Communications

781 684-0770

coresecurity@schwartz-pr.com

Wed, November 18