Reported February 26, 2004 by eEye Digital Security.

 

 

VERSIONS AFFECTED

 

  • RealSecure Network 7.0, XPU 20.15 through 22.9

  • Real Secure Server Sensor 7.0 XPU 20.16 through 22.9

  • Proventia A Series XPU 20.15 through 22.9

  • Proventia G Series XPU 22.3 through 22.9

  • Proventia M Series XPU 1.3 through 1.7

  • RealSecure Desktop 7.0 eba through ebh

  • RealSecure Desktop 3.6 ebr through ecb

  • RealSecure Guard 3.6 ebr through ecb

  • RealSecure Sentry 3.6 ebr through ecb

  • BlackICE PC Protection 3.6 cbr through ccb

  • BlackICE Server Protection 3.6 cbr through ccb

 

DESCRIPTION

 

A heap-overflow vulnerability in RealSecure and BlackICE servers can result in the arbitrary execution of code on the vulnerable server. This vulnerability is a result of a flaw that exists within the component that handles the processing of Server Message Block (SMB) packets. By issuing an authentication request with a long username value, an attacker can trigger a direct heap overwrite and subsequently execute code.

 

VENDOR RESPONSE

Internet Security Systems has released patches for the affected servers and recommends that affected users immediately apply them.

<strong><span style="font-family: Verdana; color: purple">CREDIT</h3></strong>

Discovered by Barnaby Jack.