[Dshield] BlackICE/RealSecure dangers and issues
security at admin.fulgan.com
Wed Mar 3 08:19:53 GMT 2004
If you've been following NTBugtraq recently, you probably already
know the first part of that message:
EEye has discovered a vulnerability in the BlackICE/RealSecure
software firewall/IDS. Using specially-crafted SMB packets, an
attacker can have the system execute arbitrary code in the SYSTEM
security context (that's a remote root exploit). Full detail here:
Beware that the first patched version had a bug that prevented some
VPN systems from working, and there are indications that the current
version is also buggy in some respects.
Now for the contention:
ISS, the company that produces these products, has a policy about
software updates: you need to subscribe to their services (for a fee)
to get the patch. Now, one would guess that for something as critical
as this flaw, they would provide a free patch for every user,
subscription or not. Trouble is: they don't.
So, if anyone is considering using any of their products, please take
into consideration that the support level is limited.