Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
CHAT:ICQ:ISS-BLACKICE-OF |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
ISS BlackIce ICQ Decoder META_USER Buffer Overflow |
Release Date |
2004/03/24 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
CHAT: ISS BlackIce ICQ Decoder META_USER Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the ICQ decoder on ISS BlackIce network devices. Attackers can remotely execute arbitrary code.
Extended Description
It has been reported that the Internet Security Systems (ISS) Protocol Analysis Module is prone to a remote buffer overflow vulnerability when parsing the ICQ protocol. This issue exists due to insufficient bounds checking performed on certain unspecified ICQ protocol fields supplied in ICQ response data. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. This attack would occur in the context of the vulnerable process. This module is used to parse network protocols and is included in a number of products provided by ISS, including various RealSecure and BlackICE releases.
Affected Products
- Ibm blackice_agent 3.1.0
- Ibm blackice_agent_for_server 3.6.0 ebz
- Ibm blackice_agent_for_server 3.6.0 eca
- Ibm blackice_agent_for_server 3.6.0 ecb
- Ibm blackice_agent_for_server 3.6.0 ecc
- Ibm blackice_agent_for_server 3.6.0 ecd
- Ibm blackice_agent_for_server 3.6.0 ece
- Ibm blackice_agent_for_server 3.6.0 ecf
- Ibm blackice_pc_protection 3.6.0 .cbz
- Ibm blackice_pc_protection 3.6.0 cca
- Ibm blackice_pc_protection 3.6.0 ccb
- Ibm blackice_pc_protection 3.6.0 ccc
- Ibm blackice_pc_protection 3.6.0 ccd
- Ibm blackice_pc_protection 3.6.0 cce
- Ibm blackice_pc_protection 3.6.0 ccf
- Ibm blackice_server_protection 3.6.0 cbz
- Ibm blackice_server_protection 3.6.0 cca
- Ibm blackice_server_protection 3.6.0 ccb
- Ibm blackice_server_protection 3.6.0 ccc
- Ibm blackice_server_protection 3.6.0 ccd
- Ibm blackice_server_protection 3.6.0 cce
- Ibm blackice_server_protection 3.6.0 ccf
- Ibm proventia_a_series XPU 20.11
- Ibm proventia_a_series XPU 22.1
- Ibm proventia_a_series XPU 22.10
- Ibm proventia_a_series XPU 22.2
- Ibm proventia_a_series XPU 22.3
- Ibm proventia_a_series XPU 22.4
- Ibm proventia_a_series XPU 22.5
- Ibm proventia_a_series XPU 22.6
- Ibm proventia_a_series XPU 22.7
- Ibm proventia_a_series XPU 22.8
- Ibm proventia_a_series XPU 22.9
- Ibm proventia_g_series XPU 22.1
- Ibm proventia_g_series XPU 22.10
- Ibm proventia_g_series XPU 22.11
- Ibm proventia_g_series XPU 22.2
- Ibm proventia_g_series XPU 22.3
- Ibm proventia_g_series XPU 22.4
- Ibm proventia_g_series XPU 22.5
- Ibm proventia_g_series XPU 22.6
- Ibm proventia_g_series XPU 22.7
- Ibm proventia_g_series XPU 22.8
- Ibm proventia_g_series XPU 22.9
- Ibm proventia_m_series XPU 1.1
- Ibm proventia_m_series XPU 1.2
- Ibm proventia_m_series XPU 1.3
- Ibm proventia_m_series XPU 1.4
- Ibm proventia_m_series XPU 1.5
- Ibm proventia_m_series XPU 1.6
- Ibm proventia_m_series XPU 1.7
- Ibm proventia_m_series XPU 1.8
- Ibm proventia_m_series XPU 1.9
- Ibm realsecure_desktop 3.6.0 ebz
- Ibm realsecure_desktop 3.6.0 eca
- Ibm realsecure_desktop 3.6.0 ecb
- Ibm realsecure_desktop 3.6.0 ecd
- Ibm realsecure_desktop 3.6.0 ece
- Ibm realsecure_desktop 3.6.0 ecf
- Ibm realsecure_desktop 7.0.0 eba
- Ibm realsecure_desktop 7.0.0 ebf
- Ibm realsecure_desktop 7.0.0 ebg
- Ibm realsecure_desktop 7.0.0 ebh
- Ibm realsecure_desktop 7.0.0 ebj
- Ibm realsecure_desktop 7.0.0 ebk
- Ibm realsecure_desktop 7.0.0 ebl
- Ibm realsecure_guard 3.6.0 ebz
- Ibm realsecure_guard 3.6.0 eca
- Ibm realsecure_guard 3.6.0 ecb
- Ibm realsecure_guard 3.6.0 ecc
- Ibm realsecure_guard 3.6.0 ecd
- Ibm realsecure_guard 3.6.0 ece
- Ibm realsecure_guard 3.6.0 ecf
- Ibm realsecure_network_sensor 7.0.0
- Ibm realsecure_network_sensor 7.0.0 XPU 20.11
- Ibm realsecure_network_sensor 7.0.0 XPU 22.10
- Ibm realsecure_network_sensor 7.0.0 XPU 22.4
- Ibm realsecure_network_sensor 7.0.0 XPU 22.9
- Ibm realsecure_sentry 3.6.0 ebz
- Ibm realsecure_sentry 3.6.0 eca
- Ibm realsecure_sentry 3.6.0 ecb
- Ibm realsecure_sentry 3.6.0 ecc
- Ibm realsecure_sentry 3.6.0 ecd
- Ibm realsecure_sentry 3.6.0 ece
- Ibm realsecure_sentry 3.6.0 ecf
- Ibm realsecure_server_sensor 5.0.0 Win
- Ibm realsecure_server_sensor 5.5.0 Win
- Ibm realsecure_server_sensor 5.5.1 Win
- Ibm realsecure_server_sensor 5.5.2 Win
- Ibm realsecure_server_sensor 6.0.0 Win
- Ibm realsecure_server_sensor 6.0.1 Win
- Ibm realsecure_server_sensor 6.0.1 Win SR1.1
- Ibm realsecure_server_sensor 6.5.0 Win
- Ibm realsecure_server_sensor 6.5.0 Win SR3.1
- Ibm realsecure_server_sensor 6.5.0 Win SR3.10
- Ibm realsecure_server_sensor 6.5.0 Win SR3.2
- Ibm realsecure_server_sensor 6.5.0 Win SR3.3
- Ibm realsecure_server_sensor 6.5.0 Win SR3.4
- Ibm realsecure_server_sensor 6.5.0 Win SR3.5
- Ibm realsecure_server_sensor 6.5.0 Win SR3.6
- Ibm realsecure_server_sensor 6.5.0 Win SR3.7
- Ibm realsecure_server_sensor 6.5.0 Win SR3.8
- Ibm realsecure_server_sensor 6.5.0 Win SR3.9
- Ibm realsecure_server_sensor 7.0.0 XPU 22.1
- Ibm realsecure_server_sensor 7.0.0 XPU 22.10
- Ibm realsecure_server_sensor 7.0.0 XPU 22.11
- Ibm realsecure_server_sensor 7.0.0 XPU 22.2
- Ibm realsecure_server_sensor 7.0.0 XPU 22.3
- Ibm realsecure_server_sensor 7.0.0 XPU 22.4
- Ibm realsecure_server_sensor 7.0.0 XPU 22.5
- Ibm realsecure_server_sensor 7.0.0 XPU 22.6
- Ibm realsecure_server_sensor 7.0.0 XPU 22.7
- Ibm realsecure_server_sensor 7.0.0 XPU 22.8
- Ibm realsecure_server_sensor 7.0.0 XPU 22.9
References
- BugTraq: 9913
- CVE: CVE-2004-0362
- URL: http://www.kb.cert.org/vuls/id/947254