Vulnerability

    NetApp NetCaches

Affected

    NetApp NetCaches

Description

    Kevin  O'Brien  found  following.    He  discovered  a   extremely
    dangerous  option   in  our   NetCaches.   There   is  an   option
    config.http.tunnel.allow_ports that is set by default to +all that
    allows anyone to tunnel  through your cache to  any tcp port.   He
    discovered this after he found people using it to send spam  email
    by tunneling to port 25 on outside mail servers.

    To see if you are affected, connect to the console of the NetCache
    (not to the HTML gui) and type show config.http.tunnel.allow_ports
    If it says +all you are allowing all ports to be tunneled.

    We should note that this  was setup correctly (!all) in  version 4
    of the OS.  NetApp seemed to imply that the upgrade from v4 to  v5
    caused this.   We guess in  v4 a NULL  value implies !all  and the
    upgrade process replaces NULL with +all (oops).

Solution

    To fix this, type  set config.http.tunnel.allow_ports !all.   This
    will disallow any tunneling.

    If you  have +all  you will  want to  look through  your logs  for
    anything  using  the  CONNECT  method  instead  of GET to see what
    ports outside people connected to.