Bugtraq mailing list archives
RSA Aceserver UDP Flood Vulnerability
From: gwen () REPTILES ORG (Gwendolynn ferch Elydyr)
Date: Wed, 12 Jul 2000 15:13:18 -0400
Rather an interesting turnaround from their earlier insistence that there was no problem...
Dear SecurCare Online Customer:

ACE/Server UDP Flood Vulnerability

A possible UDP flood vulnerability exists in the ACE/Server. This vulnerability indicated that users could send UDP packets to the authentication port UDP 5500, and bring the server process down. To remedy this, RSA Security has developed a patch for ACE/Server v3.3 and v3.3.1 and a hot-fix for v4.0 and v4.1.

Minimizing the Possible Threat

To further reduce the vulnerability, RSA recommends two things.

1. Place an intrusion detection or traffic monitor on the LAN. Most ACE/Servers are on internal networks behind firewalls. This limits access to the Server's UDP port to people on the local network. UDP attacks are not likely to happen via the Internet. If the internal network has any form of traffic monitoring, such an attempted attack will likely be caught.

2. Install the ACE/Server in a protected environment, such as a DMZ, to block unauthorized access.

Patch and Recommendations

As a SecurCare Online customer, your current maintenance agreements allow you to get the fix for this problem at no additional charge. Please note that the fix for this problem is both platform and ACE/Server version specific. In other words, be sure you install the correct version of this fix for your ACE/Server platform and version.

If you're using ACE/Server v3.3 or v3.3.1, RSA Support recommends that you download and install patch 16 (3.3.16), which includes the fix for this problem. This patch is available at http://knowledge.rsasecurity.com/frameset_patches2.asp. If you are unable to install the 3.3.16 patch, RSA Support recommends that you install the hot-fix for this problem, which can be obtained at ftp://ftp.securid.com/support/outgoing/dos. The minimum recommended patch level for this hot-fix is patch 15 (3.3.15).

If you're using ACE/Server v4.0, RSA Support recommends installing the hot-fix available at ftp://ftp.securid.com/support/outgoing/dos. The minimum recommended patch level for this hot-fix is patch 1 (4.0.1).

If you're using ACE/Server v4.1, we recommend applying the hot-fix at ftp://ftp.securid.com/support/outgoing/dos.
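As an added example, not part of the original post or of RSA's advisory: the kind of check the advisory's first recommendation (a traffic monitor on the LAN) relies on. It is a small rate-based detector that reads connection-log lines, keeps only UDP traffic to the ACE/Server authentication port 5500 named above, and raises an alert when one source, or all sources together, send more packets per second than a threshold. The log line format, the thresholds and the sample traffic are all constructed assumptions, not any product's real output.

```python
"""Rate-based detector for UDP floods against the ACE/Server authentication
port (UDP 5500). Log format, thresholds and sample data are assumptions
constructed for this example."""
import re
from collections import Counter

ACE_AUTH_PORT = 5500   # UDP authentication port named in the advisory
PER_SOURCE_PPS = 20    # assumed threshold: packets/second from a single source
AGGREGATE_PPS = 50     # assumed threshold: packets/second from all sources combined

# Assumed log line format (constructed for this example):
# "<ISO timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> len=<bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) len=(?P<len>\d+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": m["ts"], "proto": m["proto"], "src": m["src"],
            "dport": int(m["dport"])}


def detect_floods(log_text, per_source=PER_SOURCE_PPS, aggregate=AGGREGATE_PPS):
    """Count UDP packets to port 5500 per second, per source and in total,
    and return alerts as (kind, second, source_or_None, packet_count)."""
    per_src = Counter()   # (second, src_ip) -> packets
    per_sec = Counter()   # second -> packets from every source
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "UDP" or rec["dport"] != ACE_AUTH_PORT:
            continue   # ignore unparseable lines and traffic to other ports
        second = rec["ts"][:19]           # truncate to one-second resolution
        per_src[(second, rec["src"])] += 1
        per_sec[second] += 1

    alerts = []
    # A single source exceeding the per-source rate
    for (second, src), n in sorted(per_src.items()):
        if n > per_source:
            alerts.append(("source-flood", second, src, n))
    # The aggregate rate catches floods spread across many source addresses,
    # where no single source crosses the per-source threshold
    for second, n in sorted(per_sec.items()):
        if n > aggregate:
            alerts.append(("aggregate-flood", second, None, n))
    return alerts


def build_sample_log():
    """Constructed sample traffic: normal agent requests, unrelated traffic,
    one noisy source, and one burst spread over many sources."""
    lines = []
    # Five agents each sending one authentication request: benign
    for i in range(5):
        lines.append(f"2000-07-12T15:00:00 UDP 10.1.2.{30 + i}:{1025 + i} "
                     f"-> 10.1.1.5:5500 len=120")
    # TCP traffic and UDP to another port: both ignored by the detector
    lines.append("2000-07-12T15:00:00 TCP 10.1.2.40:2000 -> 10.1.1.5:5510 len=60")
    lines.append("2000-07-12T15:00:01 UDP 10.1.2.41:1100 -> 10.1.1.5:5520 len=90")
    # One source sending 30 packets within a single second
    for i in range(30):
        lines.append(f"2000-07-12T15:00:01 UDP 10.1.2.99:{2000 + i} "
                     f"-> 10.1.1.5:5500 len=4")
    # 60 distinct sources sending one packet each within a single second
    for i in range(60):
        lines.append(f"2000-07-12T15:00:02 UDP 192.168.0.{i + 1}:3000 "
                     f"-> 10.1.1.5:5500 len=4")
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

Run against the constructed sample, the detector reports a source-flood for 10.1.2.99 in the second 15:00:01 (30 packets) and an aggregate-flood in the second 15:00:02 (60 packets from 60 sources), while the five normal requests and the non-5500 traffic produce nothing. The thresholds would be tuned to the real request rate of the agents on a given LAN.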