ISS BlackICE / RealSecure Large ICMP Ping Packet Overflow DoS

high Nessus Plugin ID 10927

Synopsis

The application running on the remote host has a remote buffer overflow vulnerability.

Description

The remote host appears to be running either BlackICE or RealSecure Server Sensor.

This application has a remote buffer overflow vulnerability. It was possible to crash the application by flooding it with 10 KB ping packets.

A remote attacker could exploit this to cause a denial of service, or potentially execute arbitrary code.

Solution

Apply the appropriate patch referenced in the ISS advisory.

See Also

https://seclists.org/bugtraq/2002/Feb/37

https://seclists.org/bugtraq/2002/Feb/51

https://seclists.org/bugtraq/2002/Feb/48

http://web.archive.org/web/20131113184518/http://www.iss.net:80/threats/advise109.html

Plugin Details

Severity: High

ID: 10927

File Name: blackice_dos.nasl

Version: 1.34

Type: remote

Family: Firewalls

Published: 3/29/2002

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ThoroughTests, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/4/2002

Reference Information

CVE: CVE-2002-0237

BID: 4025