BMC Patrol UDP Bounce Attack Denial of Service Vulnerability
BID:1879
Info
BMC Patrol UDP Bounce Attack Denial of Service Vulnerability
| Bugtraq ID: | 1879 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 1999 12:00AM |
| Updated: | Apr 09 1999 12:00AM |
| Credit: | First posted to Bugtraq by fcosta <[email protected]> on April 9, 1999. |
| Vulnerable: |
BMC Software Patrol 3.2.5 |
| Not Vulnerable: | |
Discussion
BMC Patrol UDP Bounce Attack Denial of Service Vulnerability
Patrol is an enterprise management software suite offered by BMC Software. One of the Patrol components listens on a UDP port and accepts connections from any host / port by default. As a result, it may be possible for an attacker to cause a "ping pong" attack by spoofing packets so they appear to be from a host's chargen service. UDP datagrams would then bounce back and forth until the victim's network/CPU resources are exhausted.
Patrol is an enterprise management software suite offered by BMC Software. One of the Patrol components listens on a UDP port and accepts connections from any host / port by default. As a result, it may be possible for an attacker to cause a "ping pong" attack by spoofing packets so they appear to be from a host's chargen service. UDP datagrams would then bounce back and forth until the victim's network/CPU resources are exhausted.
Exploit / POC
BMC Patrol UDP Bounce Attack Denial of Service Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
BMC Patrol UDP Bounce Attack Denial of Service Vulnerability
Solution:
It is believed BMC Patrol 2000 is patched though this is unverified.
Solution:
It is believed BMC Patrol 2000 is patched though this is unverified.
References
BMC Patrol UDP Bounce Attack Denial of Service Vulnerability
References:
References:
- Vendor Homepage (BMC Software)