EEP and GSI crash when a PCI Qualys scan is launched against the server hosting Dollar Universe

Document ID : KB000086250
Last Modified Date : 19/02/2019
Issue:
Error Message:
In the eep.log of the impacted node, lines like the following appear at the time the Qualys scan is launched:
###################
| 2016-05-19 11:02:00 | LScm - Invalid packet received from XXX.XXX.XXX.XXX. Invalid header
###################
| 2016-05-19 11:02:08 | LScm - Error or timeout while receiving packet from XXX.XXX.XXX.XXX (rc=0 errno=0). (received buffer of size 0, iReceivedByteCount=19).
###################
| 2019-01-08 20:11:52 | LScm - Invalid packet received from xxxxxxxxxx. DollarU packet of type 3 with invalid payload size -939524095. 0x00 0xc8 0x00 0x00 0x01 ...
###################


The processes EEP and GSI crash when a PCI Qualys scan is launched against the server hosting Dollar Universe.
Environment:
OS: All OS
Dollar Universe 6.x
Cause:
Malformed packets injected by the scanner into the listening ports of the EEP and GSI servers (by default ports 10604 and 10618).
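As an added example (not Broadcom's or Dollar Universe's code), the following Python triages eep.log lines of the kind quoted above: it extracts the source of each invalid packet, flags sources that send many of them (a probable scanner hitting the EEP/GSI ports), and re-derives the logged negative payload size from the dumped bytes. The sample log lines and the 192.0.2.x / 198.51.100.x addresses are constructed; the assumption that the size field is the four big-endian bytes following the first dumped byte, read as a signed 32-bit integer, is mine, chosen because it reproduces the -939524095 seen in the log.

```python
import re
import struct
from collections import Counter

# Constructed eep.log excerpt in the format quoted above; addresses are documentation ranges.
SAMPLE_EEP_LOG = """\
| 2019-01-08 20:11:50 | LScm - Invalid packet received from 192.0.2.10. Invalid header
| 2019-01-08 20:11:51 | LScm - Error or timeout while receiving packet from 192.0.2.10 (rc=0 errno=0). (received buffer of size 0, iReceivedByteCount=19).
| 2019-01-08 20:11:52 | LScm - Invalid packet received from 192.0.2.10. DollarU packet of type 3 with invalid payload size -939524095. 0x00 0xc8 0x00 0x00 0x01 ...
| 2019-01-08 20:11:53 | LScm - Invalid packet received from 192.0.2.10. Invalid header
| 2019-01-08 20:11:55 | LScm - Invalid packet received from 198.51.100.7. Invalid header
"""

LINE_RE = re.compile(r"^\| (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| LScm - (?P<msg>.*)$")
SRC_RE = re.compile(r"(?:received from|receiving packet from) (?P<src>\S+?)(?:\. |\s)")
SIZE_RE = re.compile(r"invalid payload size (?P<size>-?\d+)\. (?P<hex>(?:0x[0-9a-fA-F]{2} ?)+)")


def parse_lines(text):
    """Return (timestamp, source, message) tuples for every LScm line in the excerpt."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = SRC_RE.search(m["msg"])
        rows.append((m["ts"], s["src"] if s else None, m["msg"]))
    return rows


def decode_payload_size(msg):
    """Re-derive the logged payload size from the dumped bytes (None if the line has none).
    Assumption (not in the KB): size = 4 big-endian bytes after the first dumped byte, read as signed int32."""
    m = SIZE_RE.search(msg)
    if not m:
        return None
    raw = bytes(int(tok, 16) for tok in m["hex"].split())
    if len(raw) < 5:
        return None
    field = raw[1:5]
    return {
        "logged": int(m["size"]),
        "signed": struct.unpack(">i", field)[0],    # what the log shows
        "unsigned": struct.unpack(">I", field)[0],  # what a length field really carries
    }


def flag_scanner_sources(text, threshold=3):
    """Sources producing at least `threshold` invalid/timeout packets: a probable scan."""
    counts = Counter(src for _, src, _ in parse_lines(text) if src)
    return [src for src, n in counts.items() if n >= threshold]
```

The negative value shows why a receiver must bound a length field on both sides or read it as unsigned before comparing it to a maximum: 0xC8000001 is 3355443201 unsigned, far beyond any sane payload, but -939524095 signed, which slips past a naive "size <= MAX" test.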
Resolution:
Corrections were introduced in Dollar Universe 6.7.01, and Qualys PCI scans dating from around 2016-2017 no longer impact the EEP and GSI.
Nevertheless, newer PCI Qualys scans from 2019 appear to crash the EEP process again.

If this is the case, ask Qualys Support for the details of the scan and of the vulnerability found, and request that Broadcom reproduce the same test in its labs in order to fix the vulnerability.


As a workaround, ask the Qualys team to exclude the EEP and GSI ports, or the whole server, from the Qualys scan.
Alternatively, ask them to change the "Full Scan" to a "Standard Scan" in Qualys; that should also avoid the problem.