Bugtraq mailing list archives
RFP2K05 - NetProwler "Fragmentation" Issue
From: securityteam () AXENT COM (AXENT Security Team)
Date: Tue, 23 May 2000 12:53:39 -0600
NetProwler 3.0 will crash if the Man-in-the-Middle signature encounters
a packet for which the following expression evaluates to true:
(IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH
This is not a packet fragmentation problem. It is an issue with
specific malformed packets.
This problem has been fixed in NetProwler 3.5, and the code has been
reviewed for other similar issues.
Solutions:
1. In NetProwler 3.0, disable the Man-in-the-Middle signature for
all monitored hosts.
2. Upgrade to NetProwler 3.5 (to be released in June 2000).
References:
Advisory RF2K05 by rain forest puppy.
Current thread:
- Re: Another hole in Cart32 sert sert (May 22)
- Qpopper 2.53 remote problem, user can gain gid=mail Prizm (May 23)
- Re: Qpopper 2.53 remote problem, user can gain gid=mail Jose Nazario (May 24)
- Re: Qpopper 2.53 remote problem, user can gain gid=mail Qpopper Support (May 24)
- Re: Qpopper 2.53 remote problem, user can gain gid=mail Sebastian (May 25)
- RFP2K05 - NetProwler "Fragmentation" Issue AXENT Security Team (May 23)
- Re: Another hole in Cart32 CDI (May 23)
- <Possible follow-ups>
- Re: Another hole in Cart32 Clover Andrew (May 23)
- Re: Another hole in Cart32 Justin King (May 24)
- Qpopper 2.53 remote problem, user can gain gid=mail Prizm (May 23)