SafeNet Sentinel Protection Installer Long Request DoS Vulnerability Network Vulnerability

Summary

The host is running Sentinel Protection Installer and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause the application to crash, creating a denial-of-service condition. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to a boundary error in Sentinel Keys Server within the 'sntlkeyssrvr.exe' when handling long requests, can be exploited to cause a stack-based buffer overflow via an overly-long request.

Affected

Sentinel Protection Installer version 7.6.5 (sntlkeyssrvr.exe v1.3.1.3)

References

http://1337day.com/exploits/19455
http://bot24.blogspot.in/2012/09/safenet-sentinel-keys-server-dos.html
http://secunia.com/advisories/50685/
http://www.exploit-db.com/exploits/21508/
http://www.securelist.com/en/advisories/50685

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
Adobe Digital Edition Denial of Service Vulnerability (Windows)
Adobe Reader '.ETD File' Denial of Service Vulnerability (Mac OS X)
Allegro Software RomPager 2.10 Denial of Service

Take action and discover your vulnerabilities