Hi all.
Today I have seen a new vulnerability in the BugTrack List over the
RealSecure Network Engine v.3.2.x.
ISS RealSecure 3.2.x can be disabled remotely via fragmented packets
with the SYN flag set.
On NT, after crashing the service will restart, and generates an
Application Log event. If the packets are continuosly resent, detection
is effectively halted while the service repeatedly restarts.
On Solaris, the process crashes, all detection stops, and a report is
generated to the console. Also, on Solaris it is possible to crash the
process with a flood of unfragmented packets if certain flgas (in
addition to SYN) are set.
You could see this entry in the SecurityFocus WEB Site or in the
BugTrack List. My question is.
Could this vunerability affect too the RealSecure in the steelth mode?.
Thanks.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/\ Manuel Gil
\\ \ System Engineer
\ \\ / E-mail: [EMAIL PROTECTED]
/ \/ / /
/ / \//\
\//\ / / Sun Microsystems Iberica
/ / /\ / Torre Picasso
/ \\ \ Planta 27
\ \\ Madrid Tel: 34-91-5969900
\/ Espa�a Fax: 34-91-5564097
Movil: 699 064 742
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
begin:vcard
n:Gil;Manuel
tel;work:+34915969900
x-mozilla-html:FALSE
url:www.sun.com
org:<CENTER><A href="http://www.sun.com"><Img Border=0 Src="http://www.sun.com/logos/images/test2.gif"></A></CENTER>
version:2.1
email;internet:[EMAIL PROTECTED]
title: </TD></TR><TR><TD align=center><font face=Arial,Helvetica" size=2><b> System Engineer</b><br><b>Departamento de PreVenta</b><br><br>SUN Microsystems - http://www.sun.com </font></TD></TR></TABLE><br>
adr;quoted-printable:;;Plaza Pablo Ruiz Picasso s/n=0D=0ATorre Picasso, Planta 27;Madrid;Madrid;28020;Spain
x-mozilla-cpt:;-13904
fn:Manuel Gil
end:vcard
