
network packet

Colasoft Capsa 7.2.1 Malformed SNMP Packet Denial of Service

Colasoft Capsa, a commercial software product, is a powerful network packet analyzer, and you can get it from http://www.colasoft.com.cn (China) and http://www.javvin.com (USA).
--------------------------------------------------
I. Summary

A flaw has been identified in Colasoft Capsa 7.2.1 concerning the SNMPv1 protocol dissector. When it dissects a malformed SNMPv1 packet, it will crash.
--------------------------------------------------
II. Description
When you send a malformed SNMPv1 packet to any IP address, Colasoft Capsa 7.2.1 will capture the SNMPv1 packet and will crash as soon as you check the SNMPv1 packet. It is a denial of service.
-------------------------------------------------
III. Impact

[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities

identifies the following problems:

CVE-2009-3228

    Eric Dumazet reported an instance of uninitialized kernel memory
    in the network packet scheduler. Local users may be able to
    exploit this issue to read the contents of sensitive kernel
    memory.
  
CVE-2009-3238


[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities

    issues to gain access to kernel memory.

CVE-2009-3228

    Eric Dumazet reported an instance of uninitialized kernel memory
    in the network packet scheduler. Local users may be able to
    exploit this issue to read the contents of sensitive kernel
    memory.
  
CVE-2009-3238


CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities

8.1. *SAP Netweaver DiagTraceR3Info Vulnerability*

[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver
'disp+work.exe' module processes a specially crafted network packet.
Malicious packets are processed by the vulnerable function
'DiagTraceR3Info' in the 'disp+work.exe' module when the Developer Trace
is configured at levels 2 or 3 for the "Dialog processor" component of
the "Dialog" work process handling the packet [2]. This vulnerability
could allow a remote unauthenticated attacker to execute arbitrary code

[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities

    issues to gain access to kernel memory.

CVE-2009-3228

    Eric Dumazet reported an instance of uninitialized kernel memory
    in the network packet scheduler. Local users may be able to
    exploit this issue to read the contents of sensitive kernel
    memory.
  
CVE-2009-3238


CORE-2009-1027: IBM SolidDB invalid error code vulnerability

- -----/


The code above checks for an error condition based on the value of an
Error Code field in the inbound network packet. An error condition is
explicitly handled if the Error Code value is less than or equal to -1,
in which case a MessageBox with a corresponding descriptive error string
will be presented to the user. However, by crafting a packet with any
negative value in the Error Code field different from -1 the lookup for
the corresponding error string will fail triggering a non-recoverable

[PTResearch] SAP DIAG Decompress plugin for Wireshark

---[ SAP DIAG Decompress plugin for Wireshark

SAP DIAG Plugin extends the basic functionality of the Wireshark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP FronTend client software and SAP application servers.

Version: 0.1b
License: AS IS

More info and Download URL:
http://ptresearch.blogspot.com/2011/10/sap-diag-decompress-plugin-for.html


ZDI-09-074: Multiple Vendor Hummingbird STR Service Stack Overflow Vulnerability

Hummingbird and OpenText Search Server. Authentication is not required
to exploit this vulnerability.

The specific flaw exists in the Hummingbird STR service (STRsvc.exe)
which listens by default on TCP port 10500. The STRlib.dll module
receives network packet data into a static stack buffer. By providing a
large enough packet, this buffer can overflow. Exploitation allows
remote attackers to execute arbitrary code under the context of the
SYSTEM user.

-- Vendor Response:

CORE-2009-0814: HP Openview NNM 7.53 Invalid DB Error Code vulnerability

005FED86   RETN

- -----/

The code above checks for an error condition based on the value of an
Error Code field in the inbound network packet. An error condition is
explicitly handled if the Error Code value is less than or equal to -1, in
which case a MessageBox with a corresponding descriptive error string
will be presented to the user. However, by crafting a packet with any
negative value in the Error Code field different from -1 the lookup for
the corresponding error string will fail triggering a non-recoverable

ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.

Vulnerability Summary:
A vulnerability exists in EMC NetWorker which can be exploited to potentially create a denial of service condition or eavesdrop on process communications.


Vulnerability Details:
EMC NetWorker uses an RPC library to provide a portmapper service within nsrexecd. The portmapper restricts access for service commands to the localhost. However, the UDP protocol allows malicious users to spoof the source address of the network packet, making it appear that it originated from the localhost. This may allow a remote malicious user to unregister existing NetWorker RPC services or register new RPC services.


Problem Resolution:
The following EMC NetWorker products contain resolutions to this issue:


TeamSHATTER Security Advisory: Oracle Malformed Network Package Spins CPU

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.

Details:
By sending a specially crafted network packet to an Oracle Database during the connection, before user authentication is performed, it is possible to make the Oracle process consume all available CPU resources. No authentication is needed to exploit this vulnerability; the attacker needs to know the SID or Service Name of the database.

Impact:
It is possible to cause a denial of service on the Oracle process by sending a specially crafted network packet.

Vendor Status:



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
