This is now fully resolved as of about an hour ago.
The issue was in our Toplayer appliance that was implemented on 12/19, due to a rule automatically in place for port 5998 typically used for the Borland service. The rule blocked certain packets due to a buffer overflow vulnerability that would have crashed that specific software. Since we do not run Borland, this rule was disabled.
Quote:
Description EXPLT: Borland InterBase Remote Buffer Overflow Exploit
This rule is triggered when an exploit of the Borland InterBase database service (ibserver.exe) in Borland InterBase 2007 before SP2 is detected. The exploit allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp
|