Bugtraq: RFP2K05 - NetProwler "Fragmentation" Issue

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RFP2K05 - NetProwler "Fragmentation" Issue

From: securityteam () AXENT COM (AXENT Security Team)
Date: Tue, 23 May 2000 12:53:39 -0600


NetProwler 3.0 will crash if the Man-in-the-Middle signature encounters
a packet for which the following expression evaluates to true:
    (IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH

This is not a packet fragmentation problem.  It is an issue with
specific malformed packets.

This problem has been fixed in NetProwler 3.5, and the code has been
reviewed for other similar issues.

Solutions:
    1. In NetProwler 3.0, disable the Man-in-the-Middle signature for
       all monitored hosts.
    2. Upgrade to NetProwler 3.5 (to be released in June 2000).

References:
    Advisory RF2K05 by rain forest puppy.

By Date By Thread

Current thread:

Re: Another hole in Cart32 sert sert (May 22)
- Qpopper 2.53 remote problem, user can gain gid=mail Prizm (May 23)
  - Re: Qpopper 2.53 remote problem, user can gain gid=mail Jose Nazario (May 24)
  - Re: Qpopper 2.53 remote problem, user can gain gid=mail Qpopper Support (May 24)
  - Re: Qpopper 2.53 remote problem, user can gain gid=mail Sebastian (May 25)
- RFP2K05 - NetProwler "Fragmentation" Issue AXENT Security Team (May 23)
- Re: Another hole in Cart32 CDI (May 23)
- <Possible follow-ups>
- Re: Another hole in Cart32 Clover Andrew (May 23)
- Re: Another hole in Cart32 Justin King (May 24)