Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense

From: Dmitry Maksimov (dmaksimov@ptsecurity.ru)
Date: 04/24/03

  • Next message: David F. Madrid: "Permanent crash in Opera 7.10"
    Date: Thu, 24 Apr 2003 20:46:54 +0400
    From: Dmitry Maksimov <dmaksimov@ptsecurity.ru>
    To: bugtraq@securityfocus.com
    
    

                   Positive Technologies Security Advisory
                         http://www.ptsecurity.com

            Title: DoS-attack in VisNetic ActiveDefense
             Date: March, 10 2003
         Severity: High
      Application: VisNetic ActiveDefense 1.3.1 and early
         Platform: Windows 95/98/ME/NT/2000/XP
    Vendor Status: Notified, patched

     

    I. DESCRIPTION

    ---------------

    A DoS attack vulnerability was reported in VisNetic ActiveDefense 1.3.1.
    Positive Technologies reported that the long request sent to Microsoft IIS
    through VisNetic ActiveDefense

    GET /xxx...xx.htm HTTP/1.0,

    where buffer consists of 90 packets (the length of each packet is 100 bytes),
    totally blocks computer.

    For check this vulnerability you can use http://www.ptsecurity.com/tools/PTvad.zip

    II. IMPACT

    ---------------

    Long request blocks entire computer. Just cold restart is possible (Reset button).

    III. SOLUTION

    ---------------

    Install patch
    http://www.deerfield.com/download/visnetic_activedefense/

    IV. VENDOR FIX/RESPONSE

    ---------------

    Vendor was notified on 14.04.2003.

    V. CREDIT

    ---------------

    Positive Technologies is information security company especially focused on
    protection of corporate networks from external attacks. The main trend of
    PTís activity is computer networks security audit and service. PT offers
    wide range of services in the filed of information security: from network
    architecture development or optimization to consulting and custom software
    source-code examination.


  • Next message: David F. Madrid: "Permanent crash in Opera 7.10"