Title: Innovation Data Processing FDR Port Scan DoS
Release Date: 2009-10-14
Application: Innovation Data Processing FDR
Cross Ref: CVE-2006-6404, OSVDB 30782

Description:
------------
Innovation Data Processing's FDR Backup application is prone to a denial of service (DoS) condition. The loss of service can occur when the application is scanned with a common port scan utility (such as Nmap). When the application receives a typical TCP based port scan, it may stop accepting incoming connections and fail to process legitimate requests for backup.

Product Details:
----------------
Vendor: Innovation Data Processing
Product: FDR
Version:

Proof of Concept:
-----------------
# nmap -sS -p 1-65535 [target]

Solution:
---------
FDR tested this on all current products at the time of reporting and could not reproduce the issue. Upgrade to the latest version of FDR, as it properly handles port scan activity.

Disclosure Timeline:
--------------------
2005-04-15: Vulnerability Discovered
2007-02-28: Disclosed to Vendor via e-mail to support@fdrinnovation.com

CVE:
----
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE Candidate CVE-2006-6404 to this issue.

References:
-----------
OSVDB: http://osvdb.org/30782
Vendor: http://www.innovationdp.fdr.com/products/fdr/fdr.cfm
Nmap: http://insecure.org/nmap/
DoS Information: http://en.wikipedia.org/wiki/Denial-of-service_attack

Credit:
-------
Anonymous