CERTA-2002-AVI-094
Vulnerability from certfr_avis
Un utilisateur mal intentionné peut réaliser un déni de service sur RealSecure Network Sensor de ISS (Internet Security Systems) par le biais de paquets malicieusement construits.
Description
RealSecure Network Sensor est un système de détection d'intrusions.
Une vulnérabilité présente dans le traitement de certaines requêtes DHCP peut entraîner l'arrêt intempestif de RealSecure Network Sensor.
Cette vulnérabilité est exploitable à distance.
Contournement provisoire
Désactiver les signatures DHCP_ACK, DHCP_Discover et DHCP_Request dans la configuration de RealSecure Network Sensor.
Solution
Appliquer la mise à jour RealSecure X-Press Update 4.3 (se référer à la section documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RealSecure Network Sensor 6.5.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RealSecure Network Sensor 6.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RealSecure Network Sensor 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nRealSecure Network Sensor est un syst\u00e8me de d\u00e9tection d\u0027intrusions.\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le traitement de certaines requ\u00eates DHCP\npeut entra\u00eener l\u0027arr\u00eat intempestif de RealSecure Network Sensor.\n\nCette vuln\u00e9rabilit\u00e9 est exploitable \u00e0 distance.\n\n## Contournement provisoire\n\nD\u00e9sactiver les signatures DHCP_ACK, DHCP_Discover et DHCP_Request dans\nla configuration de RealSecure Network Sensor.\n\n## Solution\n\nAppliquer la mise \u00e0 jour RealSecure X-Press Update 4.3 (se r\u00e9f\u00e9rer \u00e0 la\nsection documentation).\n",
"cves": [],
"initial_release_date": "2002-05-02T00:00:00",
"last_revision_date": "2002-05-02T00:00:00",
"links": [
{
"title": "Site Internet de ISS :",
"url": "http://www.iss.net/"
}
],
"reference": "CERTA-2002-AVI-094",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2002-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Un utilisateur mal intentionn\u00e9 peut r\u00e9aliser un d\u00e9ni de service sur\nRealSecure Network Sensor de ISS (Internet Security Systems) par le\nbiais de paquets malicieusement construits.\n",
"title": "Vuln\u00e9rabilit\u00e9 sur RealSecure Network Sensor",
"vendor_advisories": [
{
"published_at": null,
"title": "Liste de diffusion Bugtraq",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…