Reported August 22, 2000 by
Modulo Security Labs

VERSIONS AFFECTED
  • Internet Security Systems' RealSecure 3.2.1 for NT
  • Internet Security Systems' RealSecure 3.2.1 and 3.2.2 for Solaris

    DESCRIPTION

    A denial of service attack can be launched against RealSecure by sending a flood of SYN packets with specific flags set. Such an attack can successfully prevent RealSecure from protecting its defined networks.

    A heavy, continuous flood of the specifically crafted packets causes the NT version of RealSecure to crash and restart itself repeatedly, and CPU load could reach 100 percent utilization.

    A much lighter stream of specifically crafted SYN packets (approximately 50 packets per second) can hold the Solaris version at bay, leaving the product unable to detect other ensuing attacks.

    VENDOR RESPONSE

    According to the discoverer, Internet Security Systems (ISS) will issue a detailed advisory and fix for the problem. We will update this bulletin when the fix is available.

    CREDIT
    Discovered by
    Modulo Security Labs