Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Datacenters and Directory Traversals InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Datacenters and Directory Traversals

Published: 2010-02-10
Last Updated: 2010-02-11 00:30:25 UTC
by Marcus Sachs (Version: 2)
0 comment(s)

We got a couple of interesting emails late in the shift today so I thought I'd lump them into one diary.

Tommy asked, "What happens when a SANS taught security guy builds a datacenter?"  You have to see this to believe it.  He used a former class III safety deposit bank vault and put photos of the construction online at  Nice job!

Ron told us that he "wrote an Nmap script this week to detect a VMWare vulnerability, CVE-2009-3733. It's a nasty one because it's trivial to exploit and potentially incredibly damaging (you can download any file from the filesystem)."  The details of the vulnerability were released last weekend at Shmoocon.  It's a directory traversal issue - remember them?  I thought we figured out ten years ago that this was a Bad ThingTM.  I guess VMWare didn't get the message.  Ron's Nmap script and a description of the issue is at

Marcus H. Sachs
Director, SANS Internet Storm Center

0 comment(s)
Diary Archives