ISS RealSecure 3.2.x Fragmented SYN数据包DoS漏洞

漏洞信息详情

ISS RealSecure 3.2.x Fragmented SYN数据包DoS漏洞

• CNNVD编号：CNNVD-200010-084
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0692
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2000-10-20
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  iss
• 漏洞来源：
  Posted to bugtraq …

ISS RealSecure 3.2.1和3.2.2版本存在漏洞。远程攻击者可以借助带有SYN标志设置的分段数据包导致服务拒绝。

The official response from ISS on this issue is as follows:
We have currently identified and can confirm the
following based on exploit information in the security bulletin and what
we have received from Modulo and ISS research of the issues:
(1) A patch for Network Sensor 3.2.2 is available to
fix the Syn Flood issue. You must have an updated maintenance license
before downloading and installing this patch. Please read the release
notes first before installing. The patch can be downloaded at:

ftp://ftp.iss.net/private/support/patch/realsecure32/
(2) RealSecure 5.0 is not affected by the Syn Flood
issue brought up in the security bulletin,
(3) The command provided by Modulo produces a flood
of ipfrag events (thus throttling the console), but does not otherwise
affect the engine. RealSecure Network Sensor 5.0 contains a filter on the
ipfrag event which prevents it from being logged more than once per source
ip / destination ip pair.
Since RealSecure Network Sensor 3.2 supports the
advanced dialog through the console’s policy editor, the ipfrag event can
be tweaked to also use these same filter settings, preventing the console
flood:
same_source_ip
same_destinaion_ip
protect_from_flood

来源: BUGTRAQ
名称: 20000822 DOS on RealSecure 3.2
链接:http://archives.neohapsis.com/archives/bugtraq/2000-08/0267.html

来源: BID
名称: 1597
链接:http://www.securityfocus.com/bid/1597