Results 1 to 2 of 2

Thread: ISS BlackIce Vulnerability

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    23

    ISS BlackIce Vulnerability

    Don't know if this has already been mention or not but....

    From Symantec

    ISS BlackICE ping flood buffer overflow allows code execution
    Risk
    MEDIUM

    Date Discovered
    02-04-2002

    Description
    Symantec is aware of a remote access buffer overflow condition existing in versions of ISS BlackICE and RealSecure firewall/IDS products that can potentially allow a remote attacker to execute arbitrary code with kernel-level access on targeted systems.

    Versions of ISS's BlackICE and RealSecure products running on Microsoft Windows 2000 and XP platforms allow a remote attacker to send a modified ping flood of fragmented ICMP echo request packets that can crash the targeted system upon which the firewall/IDS product resides or, if the packets are carefully crafted, allow the remote attacker to run arbitrary code with kernel-level privileges.

    While the risk to corporate systems may be limited since most corporate networks deny all ICMP packets from external addresses, small business and cable modem users could be at a high risk of system compromise since they would not normally be using additional perimeter firewalls as a part of a multi-layered network defense.

    There are no known publicly released exploits for this vulnerability at the time of this posting. This vulnerability was originally discovered by Matt Taylor.

    Platform(s) Affected
    Windows
    For more info:

    Symantec

  2. #2
    Junior Member
    Join Date
    Feb 2002
    Posts
    1
    u suck

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •