[Dshield] BlackICE/RealSecure dangers and issues

Stephane Grobety security at admin.fulgan.com
Wed Mar 3 08:19:53 GMT 2004


Hello everyone,

If you've been following NT bugtrack recently, you probably already
know the first part of that message:

EEye has discovered a vulnerability in the BlackICE/RealSecure
software firewall/IDS. Using specially-crafted SMB packets, an
attacker can have the system execute arbitrary code in the SYSTEM
security context (that's a remote root exploit). Full detail here:
http://www.eeye.com/html/Research/Advisories/AD20040226.html

Beware that the first patched version had a bug that prevented some
VPN systems to work and there is indication that the current version
is also buggy on some aspects.

Now for the contention:

ISS, the company that produces these products, has a policies about
software update: you need to subscribe to their services (for a fee)
to get the patch. Now, one would guess that fore something as critical
as this flaw, they would provide a free patch for every users,
subscription or not. Trouble is: they don't.

So, if anyone is considering using any of their product, please take
into consideration that the support level is limited.

Good luck,
Stephane






More information about the list mailing list