VMware Cloud Community
J1mbo
Virtuoso

ESX DoS Vulnerability in iSCSI?

Morning all

I've come across a PSOD issue with ESX that feels like a possible DoS vulnerability in the sw iSCSI kernel of ESX and ESXi. Please see attached graphic.

Steps to reproduce:

1. Attach iSCSI LUN to a running Windows VM provided by StarWind 5.2

2. Run IO Meter on the guest using sequential write test for a while.

3. Stop the test.

4. Disconnect the LUN using vSphere client in the usual way.

5. Attempt reconnection of the LUN, selecting "use existing vmdk", then browse to the folder on the iSCSI LUN with the vmdk.

At this point the host will stop with the attached PSOD. Affects all builds of v4 that I've tested (earliest was 171xxx).

Although the LUN is provided by StarWind, the very fact that the PSOD is on ESX/ESXi (StarWind survives no problem), coupled with the sniffability of iSCSI, suggests to me this could represent a security vulnerability, although I should note I've not yet managed to replay the disconnect request that seems to cause the PSOD.

Any thoughts greatly appreciated.

Thanks

2 Replies
binoche
VMware Employee

Cool!

Are you using the iSCSI LUN as an RDM?

Does this PSOD coredump save successfully? Could you please upload it? Thanks very much.

binoche, VMware VCP, Cisco CCNA

J1mbo
Virtuoso

I do, but it is too large (32MB) for here unfortunately.
