1 June, 2000
NetProwler DoS and Microsoft Jet Vulnerabilities
Recently, Rain Forest Puppy posted a security alert to Buqtraq and other forums. The postings concern two issues:
Using a tool called fragrouter, an attacker can send malformed packets to a host that is being monitored by NetProwler 3.0 with the Man-in-the-Middle signature enabled. This may cause NetProwler 3.0 to crash and present a Microsoft "Dr. Watson" error message. The crash is not related to fragmentation, but is actually due to an error in packet headers generated by fragrouter, where the total length of the IP packet (represented by bits 16-31 of the IP header) is smaller than the combined lengths of the IP and TCP headers.
Note that the Man-in-the-Middle signature is only applied to a host if FTP services are detected to be running on that host. Therefore, the attacker must be able to send the fragrouter modified packets to that server
The immediate fix for NetProwler 3.0 customers is to disable the Man-in the-Middle signature. The long term fix is to upgrade to NetProwler 3.5, which does not demonstrate this problem.
Microsoft Jet Drivers
NetProwler requires that Microsoft Jet database engine drivers are installed. Security issues have been found in some versions of Microsoft's Jet drivers. Microsoft has posted fixes that address all known security issues. For more information, review Microsoft Security Bulletin (MS99-030).
NetProwler 3.0 customers must:
NetProwler 3.5 ships with the current Jet drivers (MDAC version 188.8.131.5202.3), so NetProwler 3.5 customers need only apply the Jet driver service pack (Jet40SP4.exe). To obtain and install the Jet 4.0 service pack (Jet40SP4.exe), go to Updated Version of Microsoft Jet 4.0 and follow the instructions. You must install Jet40SP4.exe on both the Agent and Manager systems.
Last modified on: Friday, 13-Apr-2001 06:17:48 PDT