Astaro Secure Gateway packet filter denial of service
| astaro-packetfilter-dos (35823) |  Low Risk |
Description:
Astaro Secure Gateway, formerly Astaro Security Linux, is vulnerable to a denial of service, caused by an unspecified vulnerability in packet filtering. A remote attacker could exploit this vulnerability to cause the device to slow or crash.
Platforms Affected:
- Astaro, Astaro Security Gateway 7.x
Remedy:
Upgrade to the latest version of Astaro Secure Gateway (7.006 ISO or later), available from the Astaro Secure Gateway Web site. See References.
Consequences:
Denial of Service
References:
- Astaro Secure Gateway Web site, Astaro / Products / Astaro Security Gateway - The Quickest Way to Secure Your Network at http://www.astaro.com/products/astaro_security_gateway.
- BugTraq Mailing List, Sat Aug 04 2007 - 21:04:21 CDT , DOS issue in Astaro Version 7 packet filter reporting, POSSIBLE security issue in POP3 proxy at http://archives.neohapsis.com/archives/bugtraq/2007-08/0067.html.
- BugTraq Mailing List, Sat Aug 18 2007 - 19:48:01 CDT , Astaro DOS and POP3 bypass issues partially resolved at http://archives.neohapsis.com/archives/bugtraq/2007-08/0304.html.
- CVE-2007-4243: Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
- SECTRACK ID: 1018543: Astaro Security Gateway Lets Remote Users Deny Service and Potentially Bypass Security Scanning
Reported:
Aug 04, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net