Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detec

from [NSFOCUS Security Team] Network Security [Permanent Link]
Subject: NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability
Date: Thu, 27 Jul 2006 12:16:03 +0800 
NSFOCUS Security Advisory (SA2006-07)

ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS 
Vulnerability

Release Date: 2006-07-27

CVE ID: CVE-2006-3840

http://www.nsfocus.com/english/homepage/research/0607.htm

Affected systems & software
===================

RealSecure Network Sensor 7.0
Proventia A Series
Proventia G Series
Proventia M Series
RealSecure Server Sensor 7.0
Proventia Server
RealSecure Desktop 7.0
Proventia Desktop
BlackICE PC Protection 3.6
BlackICE Server Protection 3.6

Unaffected systems & software
===================


Summary
=========

NSFocus Security Team discovered a remote DoS vulnerability in ISS RealSecure/
BlackICE products lines' detection of MailSlot Heap Overflow (MS06-035). By
sending a specific SMB MailSlot packet it's possible to cause DoS in ISS
protection products.

Description
============

There is a DoS vulnerability in ISS protection products' detection of 
SMB_MailSlot_Heap_Overflow
(MS06-035/KB917159). By sending a specific SMB MailSlot packet it's possible
to cause an infinite loop to occur in the detection code, and the ISS product 
or even the operating system will stop to respond. For example, for BlackICE 
the vulnerability might cause the inerruption of the network traffic, 
and an approximately 100% CPU utilization. STOP BlackICE engine will not restore
normal operation. Instead OS restart is required. 

This vulnerability can be triggered by a single packet. The establishment of 
a real SMB session is not required.  

Workaround
=============

Block ports TCP/445 and TCP/139 at the firewall.
    
Vendor Status
==============

2006.07.24  Informed the vendor
2006.07.25  Vendor confirmed the vulnerability
2006.07.26  ISS has released a security alert and related patches.
            
For more details about the security alert, please refer to:
http://xforce.iss.net/xforce/alerts/id/230

ISS has released the following XPUs to fix this vulnerability:

RealSecure Network 7.0, XPU 24.40
Proventia A Series, XPU 24.40
Proventia G Series, XPU 24.40/1.79
Proventia M Series, XPU 1.79
RealSecure Server Sensor 7.0, XPU 24.40
Proventia Server 1.0.914.1880
RealSecure Desktop 7.0 epk
Proventia Desktop 8.0.812.1790/8.0.675.1790
BlackICE PC Protection 3.6 cpk
BlackICE Server Protection 3.6 cpk

Additional Information
========================

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2006-3840 to this issue. This is a candidate for inclusion in the 
CVE list (http://cve.mitre.org), which standardizes names for security problems.
Candidates may change significantly before they become official CVE entries.

Acknowledgment
===============

Chen Qing of NSFocus Security Team found the vulnerability.

DISCLAIMS
==========
THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY
OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESSED OR IMPLIED,
EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL NSFOCUS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE
ADVISORY IS NOT MODIFIED IN ANY WAY.

Copyright 1999-2006 NSFOCUS. All Rights Reserved. Terms of use.


NSFOCUS Security Team <security@nsfocus.com>
NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
(http://www.nsfocus.com)

PGP Key: http://www.nsfocus.com/homepage/research/pgpkey.asc
Key fingerprint = F8F2 F5D1 EF74 E08C 02FE 1B90 D7BF 7877 C6A6 F6DA
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability, NSFOCUS Security Team <=
Previous by Date:  Re: Write-up by Amit Klein: "Forging HTTP request headers with Flash", 3CO
Next by Date:  a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability, Dr . Jr7
Previous by Thread:  [Full-disclosure] [USN-326-1] heartbeat vulnerability, Martin Pitt
Next by Thread:  a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability, Dr . Jr7
Indexes:  [Date] [Thread] [Top] [All Lists]