Date: Thu, 24 Apr 2003 20:46:54 +0400
From: Dmitry Maksimov <dmaksimov@...ecurity.ru>
To: bugtraq@...urityfocus.com
Subject: Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense


               Positive Technologies Security Advisory
                     http://www.ptsecurity.com


        Title: DoS-attack in VisNetic ActiveDefense
         Date: March, 10 2003
     Severity: High
  Application: VisNetic ActiveDefense 1.3.1 and earlier
     Platform: Windows 95/98/ME/NT/2000/XP
Vendor Status: Notified, patched

 

I. DESCRIPTION 

---------------

A DoS attack vulnerability was reported in VisNetic ActiveDefense 1.3.1.
Positive Technologies reported that a long request sent to Microsoft IIS
through VisNetic ActiveDefense,

GET /xxx...xx.htm HTTP/1.0,

where the buffer consists of 90 packets (the length of each packet is 100 bytes),
totally blocks the computer.

To check for this vulnerability, you can use http://www.ptsecurity.com/tools/PTvad.zip



II. IMPACT

---------------

A long request blocks the entire computer. Only a cold restart (Reset button) is possible.


III. SOLUTION 

---------------

Install the patch:
http://www.deerfield.com/download/visnetic_activedefense/


IV. VENDOR FIX/RESPONSE

---------------

Vendor was notified on 14.04.2003.


V. CREDIT

---------------

Positive Technologies is an information security company especially focused on
the protection of corporate networks from external attacks. The main area of
PT's activity is computer network security audit and service. PT offers a
wide range of services in the field of information security: from network
architecture development or optimization to consulting and custom software
source-code examination.
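
Added example (not part of the advisory and not Positive Technologies' or the vendor's code): a log check that flags requests whose URI is about as long as the one described in section I. It assumes requests are recorded in W3C extended log format; the 9000-byte threshold is an assumption derived from the advisory's 90 x 100-byte figure, and the sample log lines are constructed.

```python
# Added example: flag oversized request URIs in W3C extended logs.
# Threshold is an assumption derived from the advisory's 90 x 100-byte figure.
SUSPECT_URI_BYTES = 90 * 100

# Constructed sample log (not captured from a real server).
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2003-03-10 10:00:01 192.0.2.10 GET /index.htm 200",
    "2003-03-10 10:00:05 192.0.2.77 GET /" + "x" * 9000 + ".htm 400",
    "2003-03-10 10:00:09 192.0.2.10 POST /form.asp 200",
    "2003-03-10 10:00:12 truncated-line",
])


def find_long_requests(log_text, limit=SUSPECT_URI_BYTES):
    """Return (date, time, client_ip, method, uri_length) for each long URI."""
    fields = []
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared in the log itself and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated record; skip rather than guess
        row = dict(zip(fields, values))
        uri = row.get("cs-uri-stem", "")
        if len(uri.encode("utf-8", "replace")) >= limit:
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         row.get("cs-method"), len(uri)))
    return hits


if __name__ == "__main__":
    for hit in find_long_requests(SAMPLE_LOG):
        print("oversized request URI:", hit)
```

Hosts that stopped responding shortly after a flagged entry are the ones to check against the patch named in section III.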


