Reported February 26, 2004 by eEye Digital Security.
VERSIONS AFFECTED
-
RealSecure Network 7.0, XPU 20.15 through 22.9
-
Real Secure Server Sensor 7.0 XPU 20.16 through 22.9
-
Proventia A Series XPU 20.15 through 22.9
-
Proventia G Series XPU 22.3 through 22.9
-
Proventia M Series XPU 1.3 through 1.7
-
RealSecure Desktop 7.0 eba through ebh
-
RealSecure Desktop 3.6 ebr through ecb
-
RealSecure Guard 3.6 ebr through ecb
-
RealSecure Sentry 3.6 ebr through ecb
-
BlackICE PC Protection 3.6 cbr through ccb
-
BlackICE Server Protection 3.6 cbr through ccb
DESCRIPTION
A heap-overflow vulnerability in RealSecure and BlackICE servers can result in the arbitrary execution of code on the vulnerable server. This vulnerability is a result of a flaw that exists within the component that handles the processing of Server Message Block (SMB) packets. By issuing an authentication request with a long username value, an attacker can trigger a direct heap overwrite and subsequently execute code.
VENDOR RESPONSE
Internet Security Systems has released patches for the affected servers and recommends that affected users immediately apply them.
CREDIT
Discovered by Barnaby Jack.
