IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop, Virtual Server Protection for Vmware:
A DPS message with an invalid magic number was encountered.
IBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop, Virtual Server Protection for Vmware: This signature fires on network traffic that will affect a vulnerable server. Unfortunately, the data used to perform the attack is malformed in such a way that it may not be positively identified. It is necessary to correlate these events with vulnerability information to positively identify malicious traffic.
Medium
IBM Security Server Protection for Windows: 1.0.914.1890, Proventia Network MFS: XPU 1.88, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 24.49, Proventia Network IDS: XPU 24.49, RealSecure Network: XPU 24.49, RealSecure Server Sensor: XPU 24.49, BlackICE Server Protection: 3.6.cpu, BlackICE PC Protection: 3.6cpu, Proventia Network IPS: XPU 1.88, Proventia Desktop: 1890, Proventia Server IPS for Linux technology: 1.88, RealSecure Desktop: epu, Virtual Server Protection for Vmware: 1.0
Microsoft Business Solutions Great Plains: 7.5, Microsoft Business Solutions Dynamics: 6.0, Microsoft Business Solutions Dynamics: 7.0, Microsoft Dynamics GP: 9.0
Denial of Service
Microsoft Dynamics GP (formerly known as Great Plains) is vulnerable to a denial of service caused by improper handling of Distributed Process Server (DPS) messages. By sending a specially-crafted DPS message containing an invalid magic number, a remote attacker could cause the system to crash.
Upgrade to the latest version of Microsoft Dynamics GP (10.0 or later), available from the Microsoft Web site. See References.
Microsoft Web site
What's new in Microsoft Dynamics GP 10.0
http://www.microsoft.com/dynamics/gp/product/10.mspx
ISS X-Force
Microsoft Dynamics GP magic number denial of service
http://www.iss.net/security_center/static/25844.php
CVE
CVE-2006-5265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5265