TITLE:
NetPerformer Products Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA21876

VERIFY ADVISORY:
http://secunia.com/advisories/21876/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

OPERATING SYSTEM:
NetPerformer SDM-9500
http://secunia.com/product/11942/
NetPerformer SDM-9380
http://secunia.com/product/11941/
NetPerformer SDM-9230
http://secunia.com/product/11940/
NetPerformer SDM-9220
http://secunia.com/product/11943/

DESCRIPTION:
Arif Jatmoko has reported two vulnerabilities in various NetPerformer
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).

1) An error in the login handling in the telnet service can be
exploited to crash and reboot a vulnerable device by sending an
overly long username (more than 4550 characters).

2) An error in the handling of ICMP packets can be exploited to hang
a vulnerable device by sending a spoofed ICMP packet to the device
via a LAND attack where the source address is the same as the device
address.

The vulnerabilities have been reported in the following products:
* NetPerformer SDM-95xx version 7.x (R1)
* NetPerformer SDM-93xx version 10.x (R2)
* NetPerformer SDM-92xx version 9.x (R1)

SOLUTION:
Filter traffic to the telnet service and filter ICMP packets to the
device where the source address is the same as the destination
address.

PROVIDED AND/OR DISCOVERED BY:
Arif Jatmoko

ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049434.html
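
The filtering described under SOLUTION, written as a packet classifier for a filter or sensor in front of the device (an added example, not part of the Secunia advisory or any vendor code). The device address, the management network allowed to reach telnet, and the function names are assumptions; the sample packets are constructed.

```python
import ipaddress
import struct

ICMP, TCP, TELNET_PORT = 1, 6, 23  # IPv4 protocol numbers and the telnet port

def verdict(packet: bytes, device_ip: str, mgmt_net: str) -> str:
    """Classify one raw IPv4 packet: 'drop-land', 'drop-telnet' or 'pass'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "pass"  # not IPv4; out of scope for this filter
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        return "pass"  # malformed header length; out of scope here
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    if dst != ipaddress.IPv4Address(device_ip):
        return "pass"  # only traffic addressed to the device is filtered
    # Item 2: ICMP whose source address equals the device (destination) address.
    if proto == ICMP and src == dst:
        return "drop-land"
    # Item 1: telnet only from the management network (assumed policy).
    if proto == TCP and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if dport == TELNET_PORT and src not in ipaddress.ip_network(mgmt_net):
            return "drop-telnet"
    return "pass"

def sample_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed test input: 20-byte IPv4 header (checksum left zero) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

# Constructed values: documentation address ranges, not real hosts.
DEVICE, MGMT = "192.0.2.10", "198.51.100.0/24"
ECHO = bytes([8, 0, 0, 0, 0, 0, 0, 0])  # ICMP echo request, checksum not filled in
SYN_TO_23 = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x02, 1024, 0, 0)

if __name__ == "__main__":
    for label, pkt in [
        ("ICMP, src == device", sample_ipv4(ICMP, DEVICE, DEVICE, ECHO)),
        ("ICMP from mgmt host", sample_ipv4(ICMP, "198.51.100.5", DEVICE, ECHO)),
        ("telnet from outside", sample_ipv4(TCP, "203.0.113.7", DEVICE, SYN_TO_23)),
        ("telnet from mgmt", sample_ipv4(TCP, "198.51.100.5", DEVICE, SYN_TO_23)),
    ]:
        print(f"{label:22s} -> {verdict(pkt, DEVICE, MGMT)}")
```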