[SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Fri Feb 27 2004 - 04:00:07 CST
TITLE:
ISS Multiple Products SMB Packet Handling Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA10988
VERIFY ADVISORY:
http://secunia.com/advisories/10988/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
OPERATING SYSTEM:
ISS Proventia A Series
ISS Proventia G Series
ISS Proventia M Series
SOFTWARE:
BlackICE PC Protection 3.x
BlackICE Server Protection 3.x
RealSecure Desktop Protector 3.x
RealSecure Desktop Protector 7.x
RealSecure Guard 3.x
RealSecure Network 7.x
RealSecure Sentry 3.x
RealSecure Server Sensor 7.x
DESCRIPTION:
eEye Digital Security has discovered a vulnerability in multiple ISS
products, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused by a boundary error in the ISS
Protocol Analysis Module (PAM) component when re-assembling an
analysed SMB (Server Message Block) packet.
This can be exploited to cause a heap overflow by sending a specially
crafted "SMB Session Setup AndX request" SMB packet containing an
overly long value (about 300 bytes) in the "AccountName" field.
Successful exploitation may allow execution of arbitrary code with
SYSTEM privileges.
The vulnerability reportedly affects the following products:
* Proventia A Series XPU 20.15 through 22.9
* Proventia G Series XPU 22.3 through 22.9
* Proventia M Series XPU 1.3 through 1.7
* BlackICE PC Protection 3.6 cbr through ccb
* BlackICE Server Protection 3.6 cbr through ccb
* RealSecure Network 7.0, XPU 20.15 through 22.9
* RealSecure Server Sensor 7.0 XPU 20.16 through 22.9
* RealSecure Desktop 7.0 eba through ebh
* RealSecure Desktop 3.6 ebr through ecb
* RealSecure Guard 3.6 ebr through ecb
* RealSecure Sentry 3.6 ebr through ecb
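A defensive check for the condition described above, as an added example that is not part of the Secunia advisory or of any ISS or eEye code: it parses an SMB Session Setup AndX request and flags an AccountName longer than a threshold. The 256-byte threshold, the function names and the restriction to the 13-word request form are assumptions, and the sample messages are constructed.

```python
import struct

SESSION_SETUP_ANDX = 0x73   # SMB_COM_SESSION_SETUP_ANDX
FLAGS2_UNICODE = 0x8000     # strings in the data block are UTF-16LE
MAX_ACCOUNT_NAME = 256      # assumed alert threshold in bytes, not from the advisory

def account_name_length(msg: bytes):
    """Byte length of AccountName in a 13-word Session Setup AndX request,
    or None if msg is another message type, truncated or malformed."""
    if len(msg) < 61 or msg[:4] != b"\xffSMB":
        return None
    if msg[4] != SESSION_SETUP_ANDX or msg[32] != 13:   # WordCount must be 13
        return None
    (flags2,) = struct.unpack_from("<H", msg, 10)
    oem_len, uni_len = struct.unpack_from("<HH", msg, 47)   # password lengths
    (byte_count,) = struct.unpack_from("<H", msg, 59)
    data = msg[61:61 + byte_count]
    pos = oem_len + uni_len                 # AccountName follows both passwords
    if flags2 & FLAGS2_UNICODE:
        pos += (61 + pos) & 1               # pad byte aligns UTF-16 strings
    if pos > len(data):
        return None
    if flags2 & FLAGS2_UNICODE:
        end = pos
        while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
            end += 2
    else:
        end = data.find(b"\x00", pos)
        if end < 0:                         # unterminated: runs to end of data
            end = len(data)
    return end - pos

def is_suspicious(msg: bytes) -> bool:
    n = account_name_length(msg)
    return n is not None and n > MAX_ACCOUNT_NAME

def sample_request(name: str, unicode: bool = False) -> bytes:
    """Constructed test message (not a capture): header, 13 words, data block."""
    enc = "utf-16-le" if unicode else "ascii"
    header = (b"\xffSMB" + bytes([SESSION_SETUP_ANDX]) + bytes(5)
              + struct.pack("<H", FLAGS2_UNICODE if unicode else 0) + bytes(20))
    data = (b"\x00" if unicode else b"") + b"".join(
        s.encode(enc) + "\x00".encode(enc) for s in (name, "WORKGROUP"))
    words = struct.pack("<BBHHHHIHHII", 0xFF, 0, 0, 4356, 1, 0, 0, 0, 0, 0, 0)
    return header + bytes([13]) + words + struct.pack("<H", len(data)) + data

if __name__ == "__main__":
    for n in ("alice", "A" * 300):
        print(len(n), is_suspicious(sample_request(n)))
```

The function expects the SMB message with the 4-byte NetBIOS session header already stripped. It does not cover the 10-word or 12-word request forms.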
SOLUTION:
The vendor has issued patches.
http://www.iss.net/download/
SMB traffic should generally be blocked at perimeter firewalls and
routers.
PROVIDED AND/OR DISCOVERED BY:
Barnaby Jack, eEye Digital Security.
ORIGINAL ADVISORY:
ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/165
eEye Digital Security:
http://www.eeye.com/html/Research/Advisories/AD20040226.html
OTHER REFERENCES:
CERT VU#150326:
http://www.kb.cert.org/vuls/id/150326
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------