Title: Realsecure DoS Attack Subversion Vulnerability
Severity: HIGH
Description:
Under some versions of Internet Security Systems RealSecure Network Intrusion Detection software it is possible for attackers to launch a series of IP Fragment based denial of service (DoS) attacks without the software detecting them as it should.
This is due to the software relying on packet signatures which if slightly changed will not be flagged as attacks. The attack in question is the Teardrop DoS and modifications thereof. In particular the SynDrop, NewTear and Targa attacks.
The Teardrop denial of service attack exploits a flaw inherent to multiple vendor TCP/IP stacks. This problem is related to how the TCP/IP stack handle reassembly of fragmented IP packets.
This attack can be delivered by sending 2 or more specially fragmented IP datagrams. The first is the 0 offset fragment with a payload of size N, with the MF bit on (data content is irrelevant). The second is the last fragment (MF == 0) with a positive offset < N and with a payload of < N.
This results in the TCP/IP stack allocating unusually large resources to reassembling the packet(s). Depending on the memory deployed on the target box this usually results in the system freezing due to insufficient memory or in some case causing the machine to reboot.
Affected Products:
- Internet Security Systems RealSecure 3.0.0
- Internet Security Systems RealSecure 3.1.0
- Internet Security Systems RealSecure 3.2.0
- Internet Security Systems RealSecure 3.2.1999
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
