| VID | 23064 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | SMB |
| Detailed Description |
According to its version number, the ISS BlackICE installation on the host is vulnerable to multiple buffer overflows via PAM components. ISS BlackICE is a personal firewall/IDS for Windows operating systems. Several remote vulnerabilities have been found in the product. These vulnerabilities could allow remote attackers either to stop the firewall/IDS service or to execute arbitrary code on the affected host. The PAM (Protocol Analysis Module) parses network protocols so that further analysis and attack detection can be performed. The issues exist in the SMB and ICQ parsing routines provided by the PAM component. In particular, the Witty worm is spreading via the ICQ parsing vulnerability in ISS products. Unpatched versions of the BlackICE PC Protection product could be infected.
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.
* References:
  * http://xforce.iss.net/xforce/alerts/id/165
  * http://xforce.iss.net/xforce/alerts/id/166
  * http://xforce.iss.net/xforce/alerts/id/167
  * http://www.kb.cert.org/vuls/id/150326
  * http://www.kb.cert.org/vuls/id/947254
  * http://www.eeye.com/html/Research/Upcoming/20040213.html
  * http://www.eeye.com/html/Research/Advisories/AD20040226.html
  * http://www.eeye.com/html/Research/Advisories/AD20040318.html
* Platforms Affected:
  * ISS, Inc. BlackICE Agent for Server 3.6 ecf and prior
  * ISS, Inc. BlackICE PC Protection 3.6 ccf and prior
  * ISS, Inc. BlackICE Server Protection 3.6 ccf and prior
  * ISS, Inc. RealSecure Desktop 3.6 ecf and prior
  * ISS, Inc. RealSecure Desktop 7.0 ebl and prior
  * ISS, Inc. RealSecure Guard 3.6 ecf and prior
  * ISS, Inc. RealSecure Network Sensor 7.0 XPU 22.4 - 22.10
  * ISS, Inc. RealSecure Sentry 3.6 ecf and prior
  * ISS, Inc. RealSecure Server Sensor 7.0 XPU 22.4 to 22.1
  * Microsoft Windows Any version
  * Linux Any version |
| Recommendation |
Upgrade to the latest XPU, as listed below, available from the ISS Download Center: http://www.iss.net/download/
* RealSecure Network 7.0, XPU 22.12
* RealSecure Server Sensor 7.0 XPU 22.12
* Proventia A Series XPU 22.12
* Proventia G Series XPU 22.12
* Proventia M Series XPU 1.10
* RealSecure Desktop 7.0 ebm
* RealSecure Desktop 3.6 ecg
* RealSecure Guard 3.6 ecg
* RealSecure Sentry 3.6 ecg
* BlackICE Agent for Server 3.6 ecg
* RealSecure Server Sensor 6.5 for Windows SR 3.11
* BlackICE PC Protection 3.6 ccg
* BlackICE Server Protection 3.6 ccg |
| Related URL | CVE-2000-0562, CVE-2002-0237, CVE-2002-0956, CVE-2002-0957, CVE-2004-0193, CVE-2004-0362 (CVE) |
| Related URL | 4025, 4950, 9513, 9514, 9752, 9913 (SecurityFocus) |
| Related URL | 15207, 15442, 15543 (ISS) |