CVE-2000-0394
published 2000-05-18CVE-2000-0394: NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
PriorityP415medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
3.43%
87.4th percentile
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axent | netprowler | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
exploitdb·2000-05-18
CVE-2000-0394 Axent NetProwler 3.0 - IP Packets Denial of Service (1)
Axent NetProwler 3.0 - IP Packets Denial of Service (1)
---
// source: https://www.securityfocus.com/bid/1225/info
Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true:
(IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH
According to Axent Security team, this is not a fragmented packet issue as reported in RFP2K05 By Rain Forest Puppy.
In addition, NetProwler utilizes Microsoft JET engine 3.5 for storing incoming alert information. More information regarding the Microsoft JET engine 3.5 vulnerability can be found at:
https://www.securityfocus.com/bid/286
/* RFProwl.c - rain forest puppy / wiretrip / [email protected]
Kills NetProwler IDS version 3.0
Y
Exploit-DB
Axent NetProwler 3.0 - IP Packets Denial of Service (2)
exploitdb·2000-05-18
CVE-2000-0394 Axent NetProwler 3.0 - IP Packets Denial of Service (2)
Axent NetProwler 3.0 - IP Packets Denial of Service (2)
---
source: https://www.securityfocus.com/bid/1225/info
Axent NetProwler 3.0 IDS is vulnerable to a malformed packet attack. It will crash if the Man-in-the-Middle signature encounters a packet for which the following expression is true:
(IP_HEADER_LENGTH + TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH
According to Axent Security team, this is not a fragmented packet issue as reported in RFP2K05 By Rain Forest Puppy.
In addition, NetProwler utilizes Microsoft JET engine 3.5 for storing incoming alert information. More information regarding the Microsoft JET engine 3.5 vulnerability can be found at:
https://www.securityfocus.com/bid/286
#include "tcpip.casl"
#include "packets.casl"
Src = pop args;
Dst = pop args;
Src = getip(Src);
Dst
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=95878603510835&w=2http://www.securityfocus.com/bid/1225http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA%40axent.comhttp://marc.info/?l=bugtraq&m=95878603510835&w=2http://www.securityfocus.com/bid/1225http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA%40axent.com
2000-05-18
Published