Multiple Memory Corruption Flaws Lead To Denial-Of-Service

Document ID : KB000071342
Last Modified Date : 19/02/2018
Show Technical Document Details
Question:
When we were were running a penetration test on Spectrum, we found two instances in which an unauthenticated user could trigger a DOS condition in the Spectrum server. Specifically, an invalid authentication packet modified to include more data than the original packet was found to cause an access violation which subsequently caused the service to crash.
How can we address this vulnerability which has been found in Spectrum?
 
Environment:
Spectrum 10.0; 10.2.1; 10.2.2;
 
Answer:
This vulnerability has been addressed in Spectrum 10.2.3. 
If you are running Spectrum 10.2.2, please contact CA support to request for the PTF 10.2.2_PTF_10.2.219.