[NT] DoS Vulnerability Found in VisNetic ActiveDefense

• Previous message: support_at_securiteam.com: "[NT] Internet Explorer ActiveX Control Heap Overflow (Plugin.ocx, Load)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 26 Apr 2003 21:41:33 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

In the US?

Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!

Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -

  DoS Vulnerability Found in VisNetic ActiveDefense
------------------------------------------------------------------------

SUMMARY

 <http://www.deerfield.com/products/visnetic_activedefense/> VisNetic
ActiveDefense is "powerful Intrusion Detection for Internet servers,
providing an additional layer of defense in an organization's security
model. VisNetic ActiveDefense scans open ports to web or email servers for
malicious activity, and automatically blocks these attacks". A remotely
exploitable denial of service vulnerability has been found in the product
allowing a remote attacker to cause the product to block legitimate user's
requests from being handled.

DETAILS

Vulnerable systems:
 * VisNetic ActiveDefense version 1.3.1 and early

A DoS attack vulnerability was found in VisNetic ActiveDefense, the
vulnerability is caused by sending long requests to the Microsoft IIS
through VisNetic ActiveDefense. The requests should be constructed as
follows:
GET /xxx...xx.htm HTTP/1.0

Where the buffer consists of 90 packets, where each one is set to a length
of 100 bytes.

Solution:
Install the patch available at:
<http://www.deerfield.com/download/visnetic_activedefense/>
http://www.deerfield.com/download/visnetic_activedefense/

ADDITIONAL INFORMATION

The information has been provided by <mailto:dmaksimov@ptsecurity.ru>
Dmitry Maksimov.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: support_at_securiteam.com: "[NT] Internet Explorer ActiveX Control Heap Overflow (Plugin.ocx, Load)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]