NAI Sniffer Agent False Login Denial of Service Vulnerability
BID:1903
Info
NAI Sniffer Agent False Login Denial of Service Vulnerability
| Bugtraq ID: | 1903 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2000-1160 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was first announced by Kevin Start <[email protected]> on November 2, 2000. |
| Vulnerable: |
Network Associates Sniffer Agent 3.0.10 |
| Not Vulnerable: | |
Discussion
NAI Sniffer Agent False Login Denial of Service Vulnerability
NAI Sniffer Agent is part of the NAI Sniffer network monitoring package. A vulnerability exists in the agent that can allow a malicious user to crash a system running the agent.
The Sniffer Agent is access controlled, and requires a login for a user to attain remote access. It is reported that the Sniffer Agent does not reliably handle false login requests, and when faced with a large amount of false authentication requests, causes host system instability. This flaw makes it possible for a malicious user to crash a host running the agent by flooding it with false login requests, resulting in a Denial of Service.
NAI Sniffer Agent is part of the NAI Sniffer network monitoring package. A vulnerability exists in the agent that can allow a malicious user to crash a system running the agent.
The Sniffer Agent is access controlled, and requires a login for a user to attain remote access. It is reported that the Sniffer Agent does not reliably handle false login requests, and when faced with a large amount of false authentication requests, causes host system instability. This flaw makes it possible for a malicious user to crash a host running the agent by flooding it with false login requests, resulting in a Denial of Service.
Exploit / POC
NAI Sniffer Agent False Login Denial of Service Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
NAI Sniffer Agent False Login Denial of Service Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
NAI Sniffer Agent False Login Denial of Service Vulnerability
References:
References: