EEP and GSI crash when a PCI Qualys scan is launched against the server hosting Dollar Universe


Article ID: 86250


Products

CA Automic Dollar Universe

Issue/Introduction

Error message:
In the eep.log of the impacted node, lines like the following appear at the time the Qualys scan is launched:
###################
| 2016-05-19 11:02:00 | LScm - Invalid packet received from XXX.XXX.XXX.XXX. Invalid header
###################
| 2016-05-19 11:02:08 | LScm - Error or timeout while receiving packet from XXX.XXX.XXX.XXX (rc=0 errno=0). (received buffer of size 0, iReceivedByteCount=19). 
###################
| 2019-01-08 20:11:52 | LScm - Invalid packet received from xxxxxxxxxx. DollarU packet of type 3 with invalid payload size -939524095. 0x00 0xc8 0x00 0x00 0x01 ... 
################### 


The processes EEP and GSI crash when a PCI Qualys scan is launched against the server hosting Dollar Universe.
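
To check whether a crash coincides with scanner traffic, the eep.log entries quoted above can be grouped by source. The following is an added example, not Broadcom code: the function name `summarize` is hypothetical, the sample log is constructed in the format shown above, and the 192.0.2.x / 198.51.100.x addresses are documentation placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the eep.log lines quoted above
# (source addresses are documentation placeholders, not real hosts).
SAMPLE_LOG = """\
| 2016-05-19 11:02:00 | LScm - Invalid packet received from 192.0.2.10. Invalid header
| 2016-05-19 11:02:08 | LScm - Error or timeout while receiving packet from 192.0.2.10 (rc=0 errno=0). (received buffer of size 0, iReceivedByteCount=19).
| 2019-01-08 20:11:52 | LScm - Invalid packet received from 192.0.2.10. DollarU packet of type 3 with invalid payload size -939524095. 0x00 0xc8 0x00 0x00 0x01 ...
| 2019-01-08 20:12:30 | LScm - Invalid packet received from 198.51.100.7. Invalid header
"""

# Matches the two LScm receive-error messages and captures timestamp and source.
LINE_RE = re.compile(
    r"^\|\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*\|\s*LScm - "
    r"(?:Invalid packet received|Error or timeout while receiving packet)"
    r" from (?P<src>\S+?)\.?(?:\s|$)"
)
SIZE_RE = re.compile(r"invalid payload size (-?\d+)")


def summarize(log_text):
    """Group LScm receive errors by source; return {source: summary}."""
    out = defaultdict(lambda: {"count": 0, "first": None, "last": None, "sizes": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        entry = out[m["src"]]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        size = SIZE_RE.search(line)
        if size:
            # The log prints the size as a signed integer; also record the
            # same value reinterpreted as an unsigned 32-bit field.
            entry["sizes"].append(f"0x{int(size[1]) & 0xFFFFFFFF:08x}")
    return dict(out)


if __name__ == "__main__":
    for src, entry in summarize(SAMPLE_LOG).items():
        print(src, entry)
```

Sources whose first and last timestamps bracket the crash time are the ones to raise with the team running the scan.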

Environment

OS: All OS
Dollar Universe 6.x

Cause

Injection of malicious code on the ports of the EEP and GSI servers (by default, ports 10604 and 10618).

Resolution

Some corrections were introduced in Dollar Universe 6.7.01, and Qualys PCI scans (dating from around 2016-2017) no longer impact the EEP and GSI.
Nevertheless, it seems that newer PCI Qualys scans from 2019 cause the EEP process to crash again.

If this is the case, please ask Qualys Support to provide the details of the scan and the vulnerability found, so that Broadcom can run the same test in our labs and fix the vulnerability.


As a workaround, ask the Qualys team to exclude the EEP and GSI ports, or the whole server, from the Qualys scan.
Otherwise, ask them to change the "Full Scan" to a "Standard Scan" in Qualys, which should also avoid the problem.