Promise VTrak M500f/Support Case Log: Difference between revisions

No edit summary
No edit summary
Line 130: Line 130:
When did you update the firmware the last time?|Response By:- Sergiy Voskoboynikov|3rd August 2011 at 3:53}}
When did you update the firmware the last time?|Response By:- Sergiy Voskoboynikov|3rd August 2011 at 3:53}}


Request:-  3rd August 2011 at 3:56
{{Quote|Please read the previous conversation, i got it when the / partition was full the last time. serial console, et voilá.
{{Quote|Please read the previous conversation, i got it when the / partition was full the last time. serial console, et voilá.
As you should see from the logs, the most recent firmware version is installed, i did that somewhen this year.
As you should see from the logs, the most recent firmware version is installed, i did that somewhen this year.|Request:- |3rd August 2011 at 3:56}}


Response By:- Sergiy Voskoboynikov 3rd August 2011 at 4:8
{{Quote|Did the problem start after the firmware update? It is obvious that firmware code is damaged. The possible solution could be to re-flash the controller.|Response By:- Sergiy Voskoboynikov |3rd August 2011 at 4:8}}
{{Quote|Did the problem start after the firmware update? It is obvious that firmware code is damaged. The possible solution could be to re-flash the controller.


Request:-  3rd August 2011 at 4:22
{{Quote|I'm not really sure if you understood what i said, the issue it that the / partition is being filled up with the php-error.log because there's badly written PHP code in the webinterface. That, or a not-so-optimal setting for error reporting. To me it's no surprise that the CLI bails out and drops me to a root shell when it rans out of resources.
{{Quote|I'm not really sure if you understood what i said, the issue it that the / partition is being filled up with the php-error.log because there's badly written PHP code in the webinterface. That, or a not-so-optimal setting for error reporting. To me it's no surprise that the CLI bails out and drops me to a root shell when it rans out of resources.
To answer your question, the problem existed before the update, that's why i updated the firmware - but now i know it's not a problem with the controller firmware, but rather with the webinterface.
To answer your question, the problem existed before the update, that's why i updated the firmware - but now i know it's not a problem with the controller firmware, but rather with the webinterface.


Please, read my previous messages!
Please, read my previous messages!|Request:-  |3rd August 2011 at 4:22}}


Response By:- Sergiy Voskoboynikov 3rd August 2011 at 4:29
{{Quote|I did carefully study your previous messages and I just need to ask you some additional questions to understand what is wrong with system.  
{{Quote|I did carefully study your previous messages and I just need to ask you some additional questions to understand what is wrong with system.  
It really looks like that controller of the system is deffective and needs to be replaced.
It really looks like that controller of the system is deffective and needs to be replaced.
You mentioned that you got a message that /tmp is full. I assume, that message was in browser, right? Can I see the full error message?
You mentioned that you got a message that /tmp is full. I assume, that message was in browser, right? Can I see the full error message?|Response By:- Sergiy Voskoboynikov |3rd August 2011 at 4:29}}


{{Quote|Yes, that message was in the browser, but i don't have it anymore, because i purged the logfile in islavista. i'm about to try to force it to fill up again, let's see if this is exploitable ... islavista over telnet, without authentication, would be pretty serious.|Request:-  |3rd August 2011 at 4:32}}


Request:-  3rd August 2011 at 4:32
{{Quote|Yes, that message was in the browser, but i don't have it anymore, because i purged the logfile in islavista. i'm about to try to force it to fill up again, let's see if this is exploitable ... islavista over telnet, without authentication, would be pretty serious.
Response By:- Sergiy Voskoboynikov 3rd August 2011 at 4:47
{{Quote|I assume that system has hardware problem that generates this logfile. In the event log there are many HDD timeouts and resets.
{{Quote|I assume that system has hardware problem that generates this logfile. In the event log there are many HDD timeouts and resets.
So are you able to run the web management now?
So are you able to run the web management now?|Response By:- Sergiy Voskoboynikov |3rd August 2011 at 4:47}}


Request:-  3rd August 2011 at 4:53
{{Quote|Okay, you didn't read my messages. It's not the hardware.  
{{Quote|Okay, you didn't read my messages. It's not the hardware.  
I'm really considering doing a Full Disclosure now.  
I'm really considering doing a Full Disclosure now.  
Potential remote root access via Telnet should be made public, if you're not willing to understand the very simple issue that causes this.
Potential remote root access via Telnet should be made public, if you're not willing to understand the very simple issue that causes this.


(But, to be polite and answer your question: Yes, i can access the web management, AFTER GETTING ROOT ACCESS and freeing up some space manually.)
(But, to be polite and answer your question: Yes, i can access the web management, AFTER GETTING ROOT ACCESS and freeing up some space manually.)|Request:-  |3rd August 2011 at 4:53}}


Response By:- Sergiy Voskoboynikov 3rd August 2011 at 4:59
{{Quote|I understand you very well. The fact is that with healthy system you absolutely should not get the root access and being able to manipulate with file system. And device has very serious problem if you can do this. In addition, there are unhealthy messages in the event log of the subsystem.
{{Quote|I understand you very well. The fact is that with healthy system you absolutely should not get the root access and being able to manipulate with file system. And device has very serious problem if you can do this. In addition, there are unhealthy messages in the event log of the subsystem.


It is not nessesary to open the telnet session. The controler of the system must be replaced.
It is not nessesary to open the telnet session. The controler of the system must be replaced.|Response By:- Sergiy Voskoboynikov|3rd August 2011 at 4:59}}


Request:-  3rd August 2011 at 5:6
{{Quote|Are you kidding me? Are you fucking kidding me? Please, go through my messages and tell me what i wrote that is causing the / partition to fill up, because if you don't, i'll hit "publish" and make this open to the public.
{{Quote|Are you kidding me? Are you fucking kidding me? Please, go through my messages and tell me what i wrote that is causing the / partition to fill up, because if you don't, i'll hit "publish" and make this open to the public.
You didn't even understand what i want to use Telnet for, did you? I will use Telnet to see if i can get the islavista shell even via network, instead of only via the serial console, to make this "root exploit" a "remote root exploit".
You didn't even understand what i want to use Telnet for, did you? I will use Telnet to see if i can get the islavista shell even via network, instead of only via the serial console, to make this "root exploit" a "remote root exploit".


Please, look up "Full Disclosure" on Wikipedia.
Please, look up "Full Disclosure" on Wikipedia.|Request:-  |3rd August 2011 at 5:6}}


Response By:- Sergiy Voskoboynikov 3rd August 2011 at 5:12
{{Quote|Dear Jan,
{{Quote|Dear Jan,


I am not going to continue the conversation unless you will change your way of talking.
I am not going to continue the conversation unless you will change your way of talking.
I just can repeat you one more time, you should not even know the word "islavista" related to this device. You need a new controller.
I just can repeat you one more time, you should not even know the word "islavista" related to this device. You need a new controller.|Response By:- Sergiy Voskoboynikov|3rd August 2011 at 5:12}}


Request:-  3rd August 2011 at 5:17
{{Quote|We could have sorted this out nice and easy, if you would have understood the basic problem that has nothing to do with any piece of hardware at all, but only with your sub-par PHP code and configuration.
{{Quote|We could have sorted this out nice and easy, if you would have understood the basic problem that has nothing to do with any piece of hardware at all, but only with your sub-par PHP code and configuration.


I'll call your marketing dept, let's see what they say about this vulnerability. If you have any stock options with Promise, better sell them off quickly.
I'll call your marketing dept, let's see what they say about this vulnerability. If you have any stock options with Promise, better sell them off quickly.|Request:-  |3rd August 2011 at 5:17}}
 
'''Date of closure:''' 8/3/2011 5:19:08 AM


Date of closure: 8/3/2011 5:19:08 AM
'''Reason for closure:''' Customer refuses the solution and suggested to sell Promise stocks.
Reason for closure: Customer refuses the solution and suggested to sell Promise stocks.


Request:-  3rd August 2011 at 5:35
{{Quote|You didn't even understand THAT: i don't need a solution, i really don't care about this storage, it's just an old backup, long out of warranty, not really used for anything serious.
{{Quote|You didn't even understand THAT: i don't need a solution, i really don't care about this storage, it's just an old backup, long out of warranty, not really used for anything serious.


but YOU need a solution, and that's how to fix this vulnerability in YOUR storage firmware.
but YOU need a solution, and that's how to fix this vulnerability in YOUR storage firmware.


ah, fuck it, you won't understand it anyway.
ah, fuck it, you won't understand it anyway.|Request:-  |3rd August 2011 at 5:35}}


Response By:- Sergiy Voskoboynikov 3rd August 2011 at 6:5
{{Quote|We do appreciate that you found a problem with our system. This system is already discontinued and we do not plan the updates.
{{Quote|We do appreciate that you found a problem with our system. This system is already discontinued and we do not plan the updates.
However, I will pass this information to our developers.  
However, I will pass this information to our developers.  


Thank you.
Thank you.|Response By:- Sergiy Voskoboynikov |3rd August 2011 at 6:5}}
Date of closure: 8/3/2011 5:38:14 AM
 
Reason for closure: Closed by the user, since the error does not exist any more !
'''Date of closure:''' 8/3/2011 5:38:14 AM
 
'''Reason for closure:''' Closed by the user, since the error does not exist any more !


Response By:- Joris Piepers 3rd August 2011 at 6:26
{{Quote|Customer will disclose the exploit on the internet as this is a security gap.|Response By:- Joris Piepers|3rd August 2011 at 6:26}}
{{Quote|Customer will disclose the exploit on the internet as this is a security gap.


Response By:- Joris Piepers 3rd August 2011 at 6:27
{{Quote|as this is a exploit.|Response By:- Joris Piepers|3rd August 2011 at 6:27}}
{{Quote|as this is a exploit.


Response By:- Joris Piepers 3rd August 2011 at 7:20
{{Quote|Hello Jan Grewe,
{{Quote|Hello Jan Grewe,


Can you please disclose the website where you are going to disclose this info?
Can you please disclose the website where you are going to disclose this info?|Response By:- Joris Piepers|3rd August 2011 at 7:20}}


Request:-  3rd August 2011 at 7:29
{{Quote|Hi Joris,
{{Quote|Hi Joris,
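Review bot: the attribution parameters on the converted `{{Quote|...}}` lines in this hunk are not formatted consistently. Some have a space before the pipe (`Sergiy Voskoboynikov |3rd August 2011 at 4:8}}`), others do not (`Sergiy Voskoboynikov|3rd August 2011 at 4:59}}`), and the customer entries pass a label with no name (`|Request:-  |`). Use one form and trim the whitespace so the template receives the same parameter shape for every message. Zero-padding the minutes (`4:08` rather than `4:8`) would also keep the timestamps unambiguous.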


Line 220: Line 205:


cheers,
cheers,
Jan
Jan|Request:-  |3rd August 2011 at 7:29}}


Response By:- Sergiy Voskoboynikov 5th August 2011 at 0:9
{{Quote|Dear Jan,
{{Quote|Dear Jan,


Could you share with us what exactly are you going to publish?
Could you share with us what exactly are you going to publish?|Response By:- Sergiy Voskoboynikov|5th August 2011 at 0:9}}


Request:-  5th August 2011 at 2:16
{{Quote|Hi Sergiy,
{{Quote|Hi Sergiy,
i'm still working on the full analysis of the M500f's firmware, so i can apply it to the firmware for other of your devices, but here's my progress to far: http://faked.org/wiki/Promise_VTrak_M500f
i'm still working on the full analysis of the M500f's firmware, so i can apply it to the firmware for other of your devices, but here's my progress to far: http://faked.org/wiki/Promise_VTrak_M500f


In theory that should be enough proof for everybody to reproduce the results, but i want to make this watertight: could you point me to where the mtdblocks that get mounted to /islavista/[conf+fw+sw] come from, and where i can find the file "update.sr3"? Thanks!
In theory that should be enough proof for everybody to reproduce the results, but i want to make this watertight: could you point me to where the mtdblocks that get mounted to /islavista/[conf+fw+sw] come from, and where i can find the file "update.sr3"? Thanks!|Request:- |5th August 2011 at 2:16}}


Response By:- Sergiy Voskoboynikov 5th August 2011 at 3:14
{{Quote|Hi Jan,
{{Quote|Hi Jan,


Line 246: Line 228:
Now if i wouldn't have to find out myself how to get them, but just get them, there's nothing i could publish, right?
Now if i wouldn't have to find out myself how to get them, but just get them, there's nothing i could publish, right?


On a sidenote, where do you provide the sourcecode for your firmware? As you're using GPL licensed code, you MUST release the corresponding source code, in case you didn't know... a good starting point: http://gpl-violations.org/faq/vendor-faq.html
On a sidenote, where do you provide the sourcecode for your firmware? As you're using GPL licensed code, you MUST release the corresponding source code, in case you didn't know... a good starting point: http://gpl-violations.org/faq/vendor-faq.html|Response By:- Sergiy Voskoboynikov |5th August 2011 at 3:14}}
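Review bot: the closing parameters on the last line of this hunk, `|Response By:- Sergiy Voskoboynikov |3rd August 2011 at 3:14}}`, are attached to the wrong message. The paragraph they close (the GPL source code question addressed to "your firmware") belongs to the customer's reply, while the 3:14 response that opens with `{{Quote|Hi Jan,` is never closed. The rendered revision below confirms this: that response appears as raw, unclosed markup and a separate `Request:- 5th August 2011 at 3:30` header is still present. Close the 3:14 quote after the support text with the Response parameters, and give the reply its own `{{Quote|...|Request:- |5th August 2011 at 3:30}}` wrapper.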

Revision as of 13:21, 5 August 2011

Date of closure: 8/3/2011 5:19:08 AM

Reason for closure: Customer refuses the solution and suggested to sell Promise stocks.

Date of closure: 8/3/2011 5:38:14 AM

Reason for closure: Closed by the user, since the error does not exist any more !

{{Quote|Hi Jan,

Now you're more specific. We could more constructive dialog from the beginning. I will need to perform some tests and I will contact you again with the results.

As for information that you ask, I could not provide it to you now because this information is confidential.

Request:- 5th August 2011 at 3:30