SecurityTracker.com Archives - VisNetic ActiveDefense Can Be Crashed By Remote Users

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Issue multiple certificates with Thawte SPKI

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Security) > VisNetic ActiveDefense

Vendors: Deerfield.com

VisNetic ActiveDefense Can Be Crashed By Remote Users

SecurityTracker Alert ID: 1006645

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Apr 24 2003

Impact: Denial of service via network

Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes

Version(s): 1.3.1 and prior versions

Description: A vulnerability was reported in VisNetic ActiveDefense. A remote user can cause the application to crash.

Positive Technologies reported that a remote user can submit specially crafted HTTP GET requests to a web server that is protected by VisNetic ActiveDefense to cause the system to stop processing traffic. A demonstration exploit request is provided:

GET /xxx...xx.htm HTTP/1.0

According to the report, a buffer of 90 packets with each packet being 100 bytes in length will trigger the flaw.

A cold restart is reportedly required to return the system to normal operations.

Impact: A remote user can cause the system to stop processing traffic.

Solution: The vendor has released a patch for version 1.3.1, available at:

http://www.deerfield.com/download/visnetic_activedefense/

Vendor URL: www.deerfield.com/download/visnetic_activedefense/ (Links to External Site)

Cause: Boundary error, Exception handling error

Underlying OS: Windows (Any)

Reported By: Dmitry Maksimov <dmaksimov@ptsecurity.ru>

Message History: None.

Source Message Contents

Date: Thu, 24 Apr 2003 20:46:54 +0400
From: Dmitry Maksimov <dmaksimov@ptsecurity.ru>
Subject: Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense

 

               Positive Technologies Security Advisory
                     http://www.ptsecurity.com


        Title: DoS-attack in VisNetic ActiveDefense
         Date: March, 10 2003
     Severity: High
  Application: VisNetic ActiveDefense 1.3.1 and early
     Platform: Windows 95/98/ME/NT/2000/XP
Vendor Status: Notified, patched

 

I. DESCRIPTION 

---------------

A DoS attack vulnerability was reported in VisNetic ActiveDefense 1.3.1.
Positive Technologies reported that the long request sent to Microsoft IIS
through VisNetic ActiveDefense

GET /xxx...xx.htm HTTP/1.0,

where buffer consists of 90 packets (the length of each packet is 100 bytes),
totally blocks computer.

For check this vulnerability you can use http://www.ptsecurity.com/tools/PTvad.zip



II. IMPACT

---------------

Long request blocks entire computer. Just cold restart is possible (Reset button).


III. SOLUTION 

---------------

Install patch
http://www.deerfield.com/download/visnetic_activedefense/


IV. VENDOR FIX/RESPONSE

---------------

Vendor was notified on 14.04.2003.


V. CREDIT

---------------

Positive Technologies is information security company especially focused on
protection of corporate networks from external attacks. The main trend of
PT’s activity is computer networks security audit and service. PT offers
wide range of services in the filed of information security: from network
architecture development or optimization to consulting and custom software
source-code examination.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2002, SecurityGlobal.net LLC