EIQ Networks Security Analyzer Null Pointer Dereference Client Denial of Service Vulnerability

Bugtraq ID:	21994
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jan 10 2007 12:00AM
Updated:	Jan 11 2007 12:40AM
Credit:	Ethan Hunt is credited with the discovery of this vulnerability.
Vulnerable:	eIQnetworks Enterprise Security Analyzer 2.5 eIQnetworks Enterprise Security Analyzer 2.1 eIQnetworks Enterprise Security Analyzer 2.0
Not Vulnerable:

EIQ Networks Security Analyzer Null Pointer Dereference Client Denial of Service Vulnerability

EIQ Networks Security Analyzer is prone to a denial-of-service vulnerability.

A malicious server could cause a vulnerable client application to crash, effectively denying service.

EIQ Networks Security Analyzer Null Pointer Dereference Client Denial of Service Vulnerability

An attacker may use standard network tools to trigger this vulnerability.

A sample exploit has been provided:

• /data/vulnerabilities/exploits/21994.py

EIQ Networks Security Analyzer Null Pointer Dereference Client Denial of Service Vulnerability

Solution:
Currently we are not aware of any fixes for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

EIQ Networks Security Analyzer Null Pointer Dereference Client Denial of Service Vulnerability

References:

• EIQ Web Site (EIQ)
  
• [Full-disclosure] EIQ Networks Network Security Analyzer DoS Vulnerability ("Ethan Hunt" )