Title: ISS Multiple Products PAM Component ICQ Protocol Parsing Overflow
Dates
Disclosure: Mar 18, 2004
Discovery: Mar 08, 2004
Exploit: Unknown
Solution: Mar 18, 2004
Description
Internet Security Systems' Protocol Analysis Module (PAM) contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to a series of stack-based buffer overflows in the module that monitors ICQ server responses. If an attacker sends a specially crafted UDP packet with a source port of 4000, they may be able to execute arbitrary code.
Upgrade to the latest version available on the vendor website, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.