NAI Sniffer Agent False Login Denial of Service Vulnerability

NAI Sniffer Agent is part of the NAI Sniffer network monitoring package. A vulnerability exists in the agent that can allow a malicious user to crash a system running the agent.

The Sniffer Agent is access controlled, and requires a login for a user to attain remote access. It is reported that the Sniffer Agent does not reliably handle false login requests, and when faced with a large amount of false authentication requests, causes host system instability. This flaw makes it possible for a malicious user to crash a host running the agent by flooding it with false login requests, resulting in a Denial of Service.


Privacy Statement
Copyright 2010, SecurityFocus