ISS patches serious multiple product vulnerabilities

Edmund X. DeJesus, Contributing Writer

Multiple products from intrusion detection vendor Internet Security Systems (ISS) share an identical vulnerability that can allow the remote execution of arbitrary code. Network security vendor eEye, which found the flaws, recommends patching to fix the problem. Mitigation may also be possible.

The vulnerability exists in a common component of multiple products of the RealSecure and BlackICE product lines from ISS. The error occurs in the Protocol Analysis Module (PAM) parsing routine component, which is responsible for reassembling Server Message Block (SMB) packets after analysis. A remote attacker can send a specially crafted SMB packet with a too-long AccountName field that overwrites heap memory. This may permit execution of arbitrary code with system privileges. However, the attacker must establish a legitimate SMB session before launching an attack, which may reduce the risk. Since all packets must be processed, even the most restrictive program settings will not prevent the problem.

The vulnerability affects RealSecure Network 7.0, RealSecure Server Sensor 7.0, Proventia A Series, Proventia G Series, Proventia M Series, RealSecure Desktop, RealSecure Guard, RealSecure Sentry, BlackICE PC Protection and BlackICE Server Protection. ISS has issued patches. Mitigation is also possible by blocking SMB traffic at the perimeter.

eEye Digital Security took the controversial step of sending an advisory out on these vulnerabilities before a patch was available. The company says its goal is to make administrators aware of the existence of problems, while prodding software vendors to speed delivery of patches.

The statement comes after eEye remained mum for 200 days while waiting for Microsoft to release a patch last month for a critical vulnerability in its Windows software.

