[15773] in bugtraq
RSA Aceserver UDP Flood Vulnerability
daemon@ATHENA.MIT.EDU (Gwendolynn ferch Elydyr)
Thu Jul 13 20:09:06 2000
Message-ID: <Pine.BSF.3.96.1000712151219.21826Y-100000@komodo.reptiles.org>
Date: Wed, 12 Jul 2000 15:13:18 -0400
Reply-To: Gwendolynn ferch Elydyr <gwen@REPTILES.ORG>
From: Gwendolynn ferch Elydyr <gwen@REPTILES.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Rather an interesting turnaround from their earlier insistence that there was
no problem...
> Dear SecurCare Online Customer:
>
> ACE/Server UDP Flood Vulnerability
> A possible UDP flood vulnerability exists in the ACE/Server. This
> vulnerability indicated that users could send UDP packets to the
> authentication port UDP 5500, and bring the server process down.
>
> To remedy this, RSA Security has developed a patch for ACE/Server v3.3 and
> v3.3.1 and a hot-fix for v4.0 and v4.1.
>
> Minimizing the Possible Threat
> To further reduce the vulnerability, RSA recommends two things.
>
> 1. Place an intrusion detection or traffic monitor on the LAN.
>
> Most ACE/Servers are on internal networks behind firewalls. This limits
> access to the Server's UDP port to people on the local network. UDP
> attacks are not likely to happen via the Internet. If the internal network
> has any form of traffic monitoring, such an attempted attack will likely
> be caught.
>
> 2. Install the ACE/Server in a protected environment, such as a DMZ, to
> block unauthorized access.
>
> Patch and Recommendations
> As a SecurCare Online customer, your current maintenance agreement allows
> you to get the fix for this problem at no additional charge. Please note
> that the fix for this problem is both platform and ACE/Server version
> specific. In other words, be sure you install the correct version of this
> fix for your ACE/Server platform and version.
>
> If you're using ACE/Server v3.3 or v3.3.1, RSA Support recommends that you
> download and install patch 16 (3.3.16), which includes the fix for this
> problem. This patch is available at
> http://knowledge.rsasecurity.com/frameset_patches2.asp. If you are unable
> to install the 3.3.16 patch, RSA Support recommends that you install the
> hot-fix for this problem, which can be obtained at
> ftp://ftp.securid.com/support/outgoing/dos. The minimum recommended patch
> level for this hot-fix is patch 15 (3.3.15).
>
> If you're using ACE/Server v4.0 RSA Support recommends installing the
> hot-fix available at ftp://ftp.securid.com/support/outgoing/dos. The
> minimum recommended patch level for this hot-fix is patch 1 (4.0.1).
>
> If you're using ACE/Server v4.1 we recommend applying the hot-fix at
> ftp://ftp.securid.com/support/outgoing/dos.
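One way to act on the advisory's first recommendation (traffic monitoring that would catch a flood against the UDP 5500 authentication port), as an added example that is not part of the original post or of RSA's product: a per-source sliding-window rate detector run over constructed flow records. Only the port number comes from the advisory; the one-second window, the 50-packet threshold, the record format and the sample addresses are assumptions.

```python
"""Sliding-window flood detector for UDP traffic to the ACE/Server auth port."""
from collections import deque
from dataclasses import dataclass

ACE_AUTH_PORT = 5500   # UDP port named in the advisory
WINDOW_SECONDS = 1.0   # assumed detection window
THRESHOLD = 50         # assumed packets per window per source before alerting


@dataclass
class Alert:
    source: str
    count: int
    window_end: float


def parse_line(line: str):
    """Parse a constructed flow record: '<epoch> <src_ip> <dst_ip> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return float(ts), src, dst, proto.lower(), int(dport)


def detect_udp_flood(lines, port=ACE_AUTH_PORT, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one Alert per source the first time it exceeds `threshold` UDP
    packets to `port` within any `window`-second span. Records are sorted by
    timestamp first, so callers need not pre-sort them."""
    recent = {}      # src_ip -> deque of timestamps still inside the window
    alerted = set()  # sources already reported (alert once, not per packet)
    alerts = []
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, src, _dst, proto, dport = parse_line(line)
        if proto != "udp" or dport != port:
            continue          # only UDP to the auth port is in scope
        q = recent.setdefault(src, deque())
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()       # drop timestamps that fell out of the window
        if len(q) > threshold and src not in alerted:
            alerted.add(src)
            alerts.append(Alert(src, len(q), ts))
    return alerts


# Constructed sample: one agent authenticating normally, one host hammering the port.
SAMPLE_LOG = (
    [f"{1000 + i * 0.5:.3f} 10.0.0.10 10.0.0.5 udp 5500" for i in range(5)]
    + [f"{1001 + i * 0.01:.3f} 10.0.0.99 10.0.0.5 udp 5500" for i in range(80)]
    + ["1001.200 10.0.0.99 10.0.0.5 tcp 5500"]   # TCP to 5500 is ignored
)

if __name__ == "__main__":
    for a in detect_udp_flood(SAMPLE_LOG):
        print(f"ALERT {a.source}: {a.count} UDP packets to {ACE_AUTH_PORT} by t={a.window_end:.2f}")
```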