Reported August 11, 2004, by Corsaire Limited.
 

VERSIONS AFFECTED

  • Sygate Secure Enterprise 3.5 and earlier

DESCRIPTION
A Denial of Service (DoS) condition exists in Sygate Secure Enterprise 3.5 and earlier. Sygate Secure Enterprise uses HTTP to communicate with the Sygate Security Agent clients. These exchanges don't implement any form of replay protection, so an attacker can simply send repeated requests until all the resources on the host are exhausted.
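
The missing control, sketched from the server side as an added example; this is not Sygate's protocol or the 3.5MR3 fix, neither of which the advisory details. `ReplayGuard`, the field names, the shared key and the 30-second window are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import OrderedDict

MAX_SKEW = 30        # seconds a request stays acceptable (assumed policy)
MAX_NONCES = 10_000  # hard cap so the replay cache cannot itself exhaust memory


class ReplayGuard:
    """Accepts each authenticated (agent, nonce) pair once inside the freshness window."""

    def __init__(self, key: bytes, max_nonces: int = MAX_NONCES):
        self._key, self._max = key, max_nonces
        self._seen = OrderedDict()  # (agent_id, nonce) -> timestamp, in insertion order

    def sign(self, agent_id: str, ts: int, nonce: str, body: bytes) -> str:
        # Assumes agent_id and nonce contain no newline, so the fields stay unambiguous.
        msg = b"\n".join([agent_id.encode(), str(ts).encode(), nonce.encode(), body])
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def check(self, agent_id, ts, nonce, body, mac, now) -> str:
        # 1. Cheap freshness test first: stale requests are dropped before any crypto.
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # 2. The MAC binds timestamp and nonce to the body; unauthenticated senders stop here.
        if not hmac.compare_digest(self.sign(agent_id, ts, nonce, body), mac):
            return "bad-mac"
        # 3. Drop cache entries that have aged out; step 1 already rejects those timestamps.
        while self._seen and next(iter(self._seen.values())) < now - MAX_SKEW:
            self._seen.popitem(last=False)
        if (agent_id, nonce) in self._seen:
            return "replay"
        if len(self._seen) >= self._max:
            return "busy"  # fail closed instead of growing without bound
        self._seen[(agent_id, nonce)] = ts
        return "ok"


def demo():
    guard = ReplayGuard(b"constructed-demo-key")
    body = b"<heartbeat/>"  # constructed sample payload
    mac = guard.sign("agent-7", 1000, "n-1", body)
    return [
        guard.check("agent-7", 1000, "n-1", body, mac, now=1001),  # first delivery
        guard.check("agent-7", 1000, "n-1", body, mac, now=1002),  # same request again
        guard.check("agent-7", 1000, "n-2", body, mac, now=1003),  # nonce altered
        guard.check("agent-7", 1000, "n-1", body, mac, now=1100),  # outside the window
    ]
```

Only requests that pass the MAC check are written to the nonce cache, so a sender without the key cannot fill it.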
 

VENDOR RESPONSE
The vendor, Sygate, has released a fix—3.5MR3—for this problem.

CREDIT
Discovered by Martin O'Neal.