
Low-end ISS Firewalls Subject to DoS Attack
February 11, 2002
By eSecurityPlanet.com Staff

Internet Security Systems (ISS) has announced that its BlackICE Defender and BlackICE Agent desktop firewall/intrusion detection systems (IDS) and potentially its RealSecure Server Sensor products may be subject to a denial of service vulnerability that allows intruders to execute code on targeted computers.

ISS issued a series of patches for the flaw that cover the various products in question. An accompanying advisory contains links to the patches.

The BlackICE products combine firewall and IDS functions and are intended for home and small-office users. RealSecure Server Sensor is an enterprise-level product intended to identify and respond to attacks targeted at individual servers.

The routine the products use to capture transmitted packets contains a flaw that allows memory of the host system to be overwritten. ISS says it may be possible for hackers to control which areas of memory are overwritten, potentially enabling the intruder to execute arbitrary code on the systems.

The attack that exploits the vulnerability is based on the Internet Control Message Protocol (ICMP), which is used to send error and control messages. Because most corporate firewalls can block ICMP messages from external IP addresses, the vulnerability is not likely to affect corporate users, ISS says.

Specific ISS systems that are affected by the flaw include the Windows 2000 and XP versions of: BlackICE Defender 2.9 and BlackICE Defender for Server 2.9; BlackICE Agent for Workstation 3.0 and 3.1; BlackICE Agent for Server 3.0 and 3.1.

The attack also may affect RealSecure Server Sensor 6.01 and 6.5 on Windows 2000, although ISS says attack results are inconsistent on those systems.

 
