BlackICE open connection DoS

[souleman]

Got this from a symantic security alert...

BlackICE agent version 3.1ebh has been found to contain a remotely exploitable denial of service in certain configurations, which lets a remote attacker consume large amounts of memory (200 to 400 MB) on the system by simply opening many connections to the BlackICE system.

This vulnerability has been confirmed by the vendor, who recommends users lower the maximum number of open connections by changing the 'tcp.maxconnections' parameter in the blackice.ini file.

Source: VulnWatch http://archives.neohapsis.com/archiv...2-q2/0114.html

[avdven]

Hmmm... where'd VicTT go? Last night he was asking people (in IRC) to DoS him so that he could figure out if his BlackICE firewall was doing it's job. If someone had only known about this then... someone could have taught him that those kinds of propositions can be dangerous...

AJ

[a_420_hacker_24]

well after the first problem was found with black ice I stop using it because...If you find one vulnerability with software chances are that their will be more.I like tiny firewall alot better.

[khakisrule]

Lol, what a guy, and had I known he was asking I would have obliged. But how can it consume 400megs? Thats insane, pretty powerful attack I guess. But is there any way to know if a person is running BlackIce? Or do you have to guess? And I thought that BlackIce supposedly didn't advertise itself as a firewall. Doesn't it call itself something else? I may be wrong, I read that on some site that was sticking up for BlackIce.

[jethro]

But, in theory, can't this be achieved on any system which any service, like TELNET, FTP, even HTTP?