1 June, 2000
NetProwler DoS and Microsoft Jet Vulnerabilities

Recently, Rain Forest Puppy posted a security alert to Bugtraq and other forums. The postings concern two issues:

  1. A Denial of Service attack can crash NetProwler 3.0.
  2. A possible exploit involving the Microsoft Jet database engine drivers.

Man-in-the-Middle DoS

Using a tool called fragrouter, an attacker can send malformed packets to a host that is being monitored by NetProwler 3.0 with the Man-in-the-Middle signature enabled. This may cause NetProwler 3.0 to crash and present a Microsoft "Dr. Watson" error message. The crash is not related to fragmentation, but is actually due to an error in packet headers generated by fragrouter, where the total length of the IP packet (represented by bits 16-31 of the IP header) is smaller than the combined lengths of the IP and TCP headers.

Note that the Man-in-the-Middle signature is only applied to a host if FTP services are detected to be running on that host. Therefore, the attacker must be able to send the fragrouter-modified packets to that server.

The immediate fix for NetProwler 3.0 customers is to disable the Man-in-the-Middle signature. The long-term fix is to upgrade to NetProwler 3.5, which does not demonstrate this problem.
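
The header inconsistency described above (IP total length smaller than the combined IP and TCP header lengths) is something a packet inspector can reject before a signature looks at the payload. The following C code is an added example, not Symantec's or NetProwler's code; the function names, result codes and sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum hdr_check { HDR_OK, HDR_TRUNCATED, HDR_NOT_IPV4_TCP, HDR_BAD_IHL,
                 HDR_BAD_TOTAL_LEN, HDR_BAD_DATA_OFF };

/* Validate IPv4/TCP header lengths before a signature touches the payload.
 * pkt points at the IP header; caplen is the number of captured bytes. */
enum hdr_check check_ipv4_tcp(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20) return HDR_TRUNCATED;
    if ((pkt[0] >> 4) != 4 || pkt[9] != 6) return HDR_NOT_IPV4_TCP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;           /* IP header bytes */
    size_t total_len = ((size_t)pkt[2] << 8) | pkt[3];  /* bits 16-31 */
    if (ihl < 20) return HDR_BAD_IHL;
    if (total_len < ihl + 20) return HDR_BAD_TOTAL_LEN; /* no room for TCP */
    if (caplen < total_len) return HDR_TRUNCATED;
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;     /* TCP header bytes */
    if (doff < 20) return HDR_BAD_DATA_OFF;
    /* The advisory's condition: total length < IP + TCP header lengths.
     * Unchecked, total_len - ihl - doff would wrap to a huge size_t. */
    if (total_len < ihl + doff) return HDR_BAD_TOTAL_LEN;
    return HDR_OK;
}

/* Constructed sample: 20-byte IPv4 + 20-byte TCP header, zero checksums. */
static const uint8_t sample_ok[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 1, 192, 0, 2, 2,
    0x04, 0x00, 0x00, 0x15, 0, 0, 0, 1, 0, 0, 0, 0,  /* port 1024 -> 21 */
    0x50, 0x02, 0x20, 0x00, 0, 0, 0, 0               /* data offset 5, SYN */
};

/* Hypothetical helper: check the sample with total length overwritten. */
enum hdr_check check_with_total_len(uint16_t total_len)
{
    uint8_t pkt[sizeof sample_ok];
    memcpy(pkt, sample_ok, sizeof pkt);
    pkt[2] = (uint8_t)(total_len >> 8);
    pkt[3] = (uint8_t)(total_len & 0xff);
    return check_ipv4_tcp(pkt, sizeof pkt);
}

int main(void)
{
    return !(check_with_total_len(40) == HDR_OK &&
             check_with_total_len(30) == HDR_BAD_TOTAL_LEN);
}
```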

Microsoft Jet Drivers

NetProwler requires that Microsoft Jet database engine drivers are installed. Security issues have been found in some versions of Microsoft's Jet drivers. Microsoft has posted fixes that address all known security issues. For more information, review Microsoft Security Bulletin (MS99-030).

NetProwler 3.0 customers must:

  1. Upgrade current Jet drivers (MDAC version 2.1.2.4202.3). To upgrade to this version of MDAC, go to the MDAC 2.1.2.4202.3 (GA) Download Page and follow the instructions.
  2. Apply the Jet driver service pack (Jet40SP4.exe). To obtain and install the Jet 4.0 service pack (Jet40SP4.exe), go to Updated Version of Microsoft Jet 4.0 and follow the instructions. You must install Jet40SP4.exe on both the Agent and Manager systems.

NetProwler 3.5 ships with the current Jet drivers (MDAC version 2.1.2.4202.3), so NetProwler 3.5 customers need only apply the Jet driver service pack (Jet40SP4.exe). To obtain and install the Jet 4.0 service pack (Jet40SP4.exe), go to Updated Version of Microsoft Jet 4.0 and follow the instructions. You must install Jet40SP4.exe on both the Agent and Manager systems.


Last modified on: Friday, 13-Apr-2001 06:17:48 PDT