Details of VAR-200409-0059

ID

VAR-200409-0059

CVE

CVE-2004-1663

TITLE

LSI Logic storage controllers Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200409-010

DESCRIPTION

Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. It is reported that hardware based on Engenio Storage Controllers are prone to a remote denial of service vulnerability. This could also result reportedly result in unrecoverable corruption of data. Affected hardware includes Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches. Other devices may be affected such as other Storagetek and IBM FastT storage controllers, SGI, and Teradata storage controllers though this has not confirmed. The problem may exist in the underlying vxWorks operating system though this has also not been confirmed

Trust: 1.26

sources: NVD: CVE-2004-1663 // BID: 11108 // VULHUB: VHN-10093

AFFECTED PRODUCTS

vendor:	brocade	model:	silkworm fiber channel switch	scope:	eq	version:	2050	Trust: 1.9
vendor:	brocade	model:	silkworm fiber channel switch	scope:	eq	version:	2040	Trust: 1.9
vendor:	brocade	model:	silkworm fiber channel switch	scope:	eq	version:	2010	Trust: 1.9
vendor:	brocade	model:	silkworm	scope:	eq	version:	3900	Trust: 1.9
vendor:	brocade	model:	silkworm	scope:	eq	version:	3850	Trust: 1.9
vendor:	brocade	model:	silkworm	scope:	eq	version:	3800	Trust: 1.9
vendor:	brocade	model:	silkworm	scope:	eq	version:	3250	Trust: 1.9
vendor:	brocade	model:	silkworm	scope:	eq	version:	3200	Trust: 1.9
vendor:	engenio	model:	storage controller	scope:	eq	version:	5884	Trust: 1.3
vendor:	engenio	model:	storage controller	scope:	eq	version:	4884	Trust: 1.3
vendor:	engenio	model:	storage controller	scope:	eq	version:	2882	Trust: 1.3
vendor:	engenio	model:	storage controller	scope:	eq	version:	2822	Trust: 1.3
vendor:	broadcom	model:	fabric operating system	scope:	eq	version:	2.1.2	Trust: 1.0
vendor:	broadcom	model:	fabric operating system	scope:	eq	version:	2.2	Trust: 1.0
vendor:	broadcom	model:	fabric operating system	scope:	eq	version:	3.1	Trust: 1.0
vendor:	ibm	model:	ds4100	scope:	eq	version:	*	Trust: 1.0
vendor:	storagetek	model:	d280	scope:	eq	version:	*	Trust: 1.0
vendor:	storagetek	model:	d280	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	ds4100	scope:	-	version:	-	Trust: 0.3
vendor:	brocade	model:	fabric os	scope:	eq	version:	3.1	Trust: 0.3
vendor:	brocade	model:	fabric os	scope:	eq	version:	2.2	Trust: 0.3
vendor:	brocade	model:	fabric os	scope:	eq	version:	2.1.2	Trust: 0.3

sources: BID: 11108 // CNNVD: CNNVD-200409-010 // NVD: CVE-2004-1663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1663
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200409-010
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10093
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1663
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10093
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10093 // CNNVD: CNNVD-200409-010 // NVD: CVE-2004-1663

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200409-010

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200409-010

EXTERNAL IDS

db:	BID	id:	11108	Trust: 2.0
db:	NVD	id:	CVE-2004-1663	Trust: 1.7
db:	SECUNIA	id:	12464	Trust: 1.7
db:	CNNVD	id:	CNNVD-200409-010	Trust: 0.7
db:	VULHUB	id:	VHN-10093	Trust: 0.1

sources: VULHUB: VHN-10093 // BID: 11108 // CNNVD: CNNVD-200409-010 // NVD: CVE-2004-1663

REFERENCES

url:	http://www.securityfocus.com/bid/11108	Trust: 1.7
url:	http://secunia.com/advisories/12464	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17290	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=109435831811484&w=2	Trust: 1.6
url:	http://www.storagetek.com/products/category_page2004.html	Trust: 0.3
url:	http://www.engenio.com/	Trust: 0.3
url:	http://www.storage.ibm.com/disk/fastt/	Trust: 0.3
url:	/archive/1/374246	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=109435831811484&w=2	Trust: 0.1

sources: VULHUB: VHN-10093 // BID: 11108 // CNNVD: CNNVD-200409-010 // NVD: CVE-2004-1663

CREDITS

Discovery is credited to Frank Denis.

Trust: 0.9

sources: BID: 11108 // CNNVD: CNNVD-200409-010

SOURCES

db:	VULHUB	id:	VHN-10093
db:	BID	id:	11108
db:	CNNVD	id:	CNNVD-200409-010
db:	NVD	id:	CVE-2004-1663

LAST UPDATE DATE

2024-08-14T15:15:07.573000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10093	date:	2017-07-11T00:00:00
db:	BID	id:	11108	date:	2004-09-04T00:00:00
db:	CNNVD	id:	CNNVD-200409-010	date:	2021-06-27T00:00:00
db:	NVD	id:	CVE-2004-1663	date:	2021-06-22T15:19:34.840

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10093	date:	2004-09-04T00:00:00
db:	BID	id:	11108	date:	2004-09-04T00:00:00
db:	CNNVD	id:	CNNVD-200409-010	date:	2004-09-04T00:00:00
db:	NVD	id:	CVE-2004-1663	date:	2004-09-04T04:00:00