MediumRealSecure Network, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Sentry, BlackICE PC Protection, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, RealSecure Desktop Protector, BlackICE Agent for Server, RealSecure Guard, RealSecure Server Sensor:
This signature detects a corrupted UDP frame with an illegal length field. Some older Unix systems will crash when they receive such traffic. This could indicate an attacker's attempt to cause a denial of service.
This signature replaces UDPBomb.
Medium
RealSecure Network: 7.0, Proventia Network IPS: 2.0, Proventia-G 1.1 and earlier: G Series, Proventia Desktop: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, RealSecure Sentry: 3.6, BlackICE PC Protection: 3.6.cbd, BlackICE Server Protection: 3.6.cbd, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, Proventia Network MFS: 1.0, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, RealSecure Guard: 3.6, RealSecure Server Sensor: 7.0
Sun SunOS: 4.0.3, Sun SunOS: 4.1, Sun SunOS: 4.1.1, Sun SunOS: 4.1.3, Sun SunOS: 4.1.2, Sun SunOS: 4.0.3c, Sun SunOS: 4.1psr_a, Sun SunOS: 4.1.3a1
Denial of Service
By sending a UDP packet constructed with illegal values in certain fields, an attacker can crash some older Unix systems. Most operating systems that are not vulnerable to this attack will discard the invalid packet without retaining evidence indicating that an attack occurred.
Apply the Sun Patch ID#100567-04, available from the SunSolve Online: Patches Web site. See References.
Sun Microsystems, Inc. Web site
SunSolve Online: Patches
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
ISS X-Force
SunOS can be crashed with malformed UDP packets
http://www.iss.net/security_center/static/143.php
CVE
CVE-1999-0217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0217