ServerWatch News Briefs for May 9, 2004
- Gateway Expands Entry-Level Server Line
- Vulnerabilities Found in Titan, Sambar
- VShell 2.3 Deemed Production Ready
- AMCC to Release New SATA RAID Controllers
Gateway has added two entry servers to its product portfolio: the rack-mountable 9115 and the tower 9210. Both offerings are designed to function as a small business server or an edge server for larger organizations. The two servers are single-processor units that support 800 MHz Intel Celeron or Pentium 4 CPUs.
In addition to being a good fit for a small business buying its first server, Scott Weinbrandt, senior vice president at Gateway, said the 9115 and the 9210 also are well-suited for duty as e-mail, print, Web, cache, or other edge-of-network servers for organizations with up to 1,000 users. However, Weinbrandt noted that the servers aren't designed for mission-critical, transaction-processing applications.
The Gateway 9115 is 1U form factor server priced at $899, and the 9210 comes in a tower configuration priced at $499. Both ship standard with a Celeron processor (a Pentium 4 version is available), two integrated network ports (one Gigabit port and one 10/100 port), an 80 GB SATA drive (the 9210 features two drives), up to 4 GB of DDR400 ECC memory, and RAID 0/1 on the motherboard. The servers support Windows Server 2003 Enterprise, Standard, Web and Small Business Server Editions. Additional SATA or SCSI drives are also available.
While Gateway's name may be in the news these days for its falling stock price and the closure of its Gateway stores, the company's server strategy is on track, according to Lloyd Cohen, director, Worldwide Market Analysis, Global Enterprise Server Solutions Group at IDC. "Their PC business appears to be in turmoil, but that's not the case for servers. Gateway's server business is stable. It's important to separate the two [the PC business and the server business]. Otherwise it could seem like a negative story and it's not a negative story. They have made advancements."
Secunia Wednesday issued an advisory for South River's Titan FTP Server 3.x, specifically, 3.10 build 163. The warning rank is a moderately-critical vulnerability that can be exploited to cause a denial of service attack. Specifically, it is possible for a malicious user to cause the application to access an invalid socket and crash by issuing a LIST command and then disconnecting immediately.
South River released version 3.10 build 169 to resolve this problem.
Multiple vulnerabilites and security issues were also found in versions 5.x and 6.x of Sambar Server. The latest production release, v6.0.1, is not vulnerable.
These vulnerabilites could allow malicious users to compromise a vulnerable system and conduct cross-site scripting attacks with the following:
- Proxy functionalities are accessible with the creation of an HTTP keep-alive connection to the Sambar Web server.
- User input passed to various parameters isn't sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site by tricking the user into visiting a malicious Web site or to follow a specially crafted link.
- An unspecified boundary error affects certain versions of Sambar Server 6.0.
The new version supports Windows 2003, Red Hat Enterprise, Sun Solaris, AIX, and FreeBSD.
VShell 2.3 brings file transfer privileges in its Unix platform up to par with those available for its Windows server. Its SFTP virtual directories aim to provide administrators with access to a specific set of folders on the server for each user or group. It also adds Unix-keyboard-interactive authentication to support RSA Security's SecurID token via the Pluggable Authentication Module (PAM) open standard.
VShell is available in three editions: Administrator, Workgroup, or Enterprise, and in Starter Kits that include client licenses for SecureCRT and SecureFX. All VShell editions offer the same features; they vary only in the number of concurrent connections allowed.
A fully-functional evaluation copy of VShell is available for download. It offers full access to VanDyke's technical support for assistance with installation, configuration, and testing.
Applied Micro Circuits Corporation will release a batch of faster Serial ATA (SATA) RAID controllers Monday. The new controllers are designed to provide advanced RAID tools and features for greater data protection and ease of system configuration and management. They will be available worldwide in 4-, 8-, and 12-port configurations.
The new family of SATA controllers hails from the segment of the company that was formerly 3ware (AMCC recently announced the acquisition of 3ware). The controllers are based on the company's StorSwitch switched RAID architecture, and provide scalable capacity up to 4.8 TB per controller, using 400 GB drives, and total system capacity limited only to available PCI slots. AMCC's advanced hardware RAID architecture features an on-board processor and an integrated RAID ASIC that offloads RAID controller functions from the host CPU, thus leaving server processing to its core applications.
The new controllers are designed to support upcoming 64-bit computing applications. They support single arrays of up to 4.8 TB via 64-bit LBAs on one controller. The 3ware 9000 Series platform is designed to protect the customer's investment in RAID. It offers online capacity expansion 1, RAID level Migration1, Battery Backup, and enclosure management services via an integrated I2C bus.
The 3ware 9000 Series controllers come with Multi-lane Internal connectors for high capacity industrial environments. The controllers include a highly reliable, locking cable/connector system that combines 4 SATA ports into one on the controller side. The 12-port configurations feature three integrated connectors, and the 8-port configuration offers two integrated connectors.
The 3ware 9000 Series of RAID controllers will ship with a three-year warranty and are compatible with Windows 2003/XP/2000, Red Hat Linux, SUSE Linux, and FreeBSD operating systems.