nat software vulnerabilities
vulnerabilities.aspcode.net
Searching nat software vulnerabilities
Denial of service in Cisco routers running NAT
Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port.
ICQ 98 beta on Windows NT leaks the internal IP
ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.
CITRIX Metaframe 1.8 logs the Client Address (I
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
Lotus Domino web server 5.08 allows remote atta
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
Nokia Firewall Appliances running IPSO 3.3 and
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, do not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
Information leaks in IIS 4 through 5.1 allow re
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (1) the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages, (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.
IIS 5 and 5.1 supporting WebDAV methods allows
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
SafeTP 1.46, when network address translation (
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request.
The NAT implementation in Zonet ZSR1104WE Wirel
The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions.
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
Heap-based buffer overflow in the NAT networkin
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
ip_nat_pptp in the PPTP NAT helper (netfilter/i
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation.
ip_nat_pptp in the PPTP NAT helper (netfilter/i
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used.
Linksys WRT54G routers version 5 (running VXWor
Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
Netgear 614 and 624 routers, possibly running V
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
The HTTP proxy in Symantec Gateway Security 500
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a GET request without a space separating the URI.
The snmp_trap_decode function in the SNMP NAT h
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
Microsoft Windows NAT Helper Components (ipnath
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
Teredo clients, when located behind a restricte
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.
Software vulnerabilities results 1 to 20 of 20