Reported August 11, 2004, by
Corsaire Limited.
VERSIONS AFFECTED
|
DESCRIPTION
A Denial of Service (DoS) condition exists in Sygate
Secure Enterprise 3.5 and earlier. Sygate Secure Enterprise uses HTTP to
communicate with the Sygate Security Agent clients. These exchanges don't
implement any form of replay protection, so an attacker can simply send
repeated requests until all the resources on the host are exhausted.
VENDOR RESPONSE
The vendor, Sygate, has released a fix—3.5MR3—for
this problem.
CREDIT
Discovered by Martin O'Neal.
0 comments
Hide comments