[15017] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RFP2K05 - NetProwler "Fragmentation" Issue

daemon@ATHENA.MIT.EDU (AXENT Security Team)
Wed May 24 14:31:14 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <392AD3B3.3E9BE3EA@axent.com>
Date:         Tue, 23 May 2000 12:53:39 -0600
Reply-To: AXENT Security Team <securityteam@AXENT.COM>
From: AXENT Security Team <securityteam@AXENT.COM>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

NetProwler 3.0 will crash if the Man-in-the-Middle signature encounters
a packet for which the following expression evaluates to true:
    (IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH

This is not a packet fragmentation problem.  It is an issue with
specific malformed packets.

This problem has been fixed in NetProwler 3.5, and the code has been
reviewed for other similar issues.

Solutions:
    1. In NetProwler 3.0, disable the Man-in-the-Middle signature for
       all monitored hosts.
    2. Upgrade to NetProwler 3.5 (to be released in June 2000).

References:
    Advisory RF2K05 by rain forest puppy.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[15017] in bugtraq

RFP2K05 - NetProwler "Fragmentation" Issue

daemon@ATHENA.MIT.EDU (AXENT Security Team)Wed May 24 14:31:14 2000

daemon@ATHENA.MIT.EDU (AXENT Security Team)
Wed May 24 14:31:14 2000