Crashing NetProwler 3.0

 
Crashing NetProwler 3.0
Reported May 18 by
rain.forest.puppy

VERSIONS EFFECTED
  • NetProwler 3.0

DESCRIPTION

Sending two fragmented packets to machine monitored by NetProwler, the service can be made to crash. The packets must be sent to machine being mornitored by NetProwler using a spoofed source address of the actual NetProwler monitoring system.

In addition, the discoverer points out the NetProwler uses the Microsoft Jet database engine, which has serious security risks in and of itself.

VENDOR RESPONSE

Axent Technologies is aware of this matter, however no response was known at the time of this writing.

CREDITS
Discovered and reported by rain.forest.puppy

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish