SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   RealSecure Vendors:   Internet Security Systems
ISS RealSecure ICQ Buffer Overflow Yields SYSTEM Level Access to Remote Users
SecurityTracker Alert ID:  1009348
SecurityTracker URL:  http://securitytracker.com/id/1009348
CVE Reference:   CAN-2004-0362   (Links to External Site)
Updated:  Mar 23 2004
Original Entry Date:  Mar 9 2004
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Network 7.0, XPU 22.11 and before, Server Sensor 7.0 XPU 22.11 and before, Server Sensor 6.5 for Windows SR 3.10 and before, Desktop 7.0 ebl and before, Desktop 3.6 ecf and before, Guard 3.6 ecf and before, Sentry 3.6 ecf and before
Description:   A buffer overflow vulnerability was reported in ISS RealSecure in the processing of ICQ messages. A remote user can gain SYSTEM level access.

eEye Digital Security reported that they have discovered a vulnerability in ISS RealSecure and ISS BlackICE. According to ISS, the vulnerability is a buffer overflow in the processing of ICQ protocol response messages. A remote user can send a specially crafted packet over a network monitored by or to a desktop monitored by RealSecure to trigger the flaw and execute arbitrary code on the system running RealSecure.

According to the report, a remote user can gain SYSTEM level access on the target system.
Impact:   A remote user can gain SYSTEM level access on the target system.
Solution:   The vendor has issued a fix, available at the ISS Download Center:

http://www.iss.net/download/

The following fixed versions are available:

RealSecure Network 7.0, XPU 22.12
RealSecure Server Sensor 7.0 XPU 22.12
RealSecure Desktop 7.0 ebm
RealSecure Desktop 3.6 ecg
RealSecure Guard 3.6 ecg
RealSecure Sentry 3.6 ecg
RealSecure Server Sensor 6.5 for Windows SR 3.11
Vendor URL:  www.iss.net/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Red Hat Linux), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 20 2004 (A Worm is Spreading) ISS RealSecure ICQ Buffer Overflow Yields SYSTEM Level Access to Remote Users
A worm (Witty.Worm) is targeting vulnerable systems.


 Source Message Contents
Date:  Mon, 08 Mar 2004 22:19:18 -0500
Subject:  http://www.eeye.com/html/Research/Upcoming/20040308.html


http://www.eeye.com/html/Research/Upcoming/20040308.html

eEye Digital Security reported that they have discovered a vulnerability in ISS RealSecure 
and ISS BlackICE.  The cause of the vulnerability was not disclosed pending vendor 
notification and correction.

According to the report, a remote user can gain SYSTEM level access on the target system.

The vendor has reportedly been notified.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC