Signature Detail
Short Name |
CHAT:ICQ:ISS-BLACKICE-OF |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
ISS BlackIce ICQ Decoder META_USER Buffer Overflow |
Release Date |
2004/03/24 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
ICQ: ISS BlackIce ICQ Decoder META_USER Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the ICQ decoder on ISS BlackIce network devices. Attackers can remotely execute arbitrary code.
Extended Description
It has been reported that the Internet Security Systems (ISS) Protocol Analysis Module is prone to a remote buffer overflow vulnerability when parsing the ICQ protocol. This issue exists due to insufficient bounds checking performed on certain unspecified ICQ protocol fields supplied in ICQ response data. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. This attack would occur in the context of the vulnerable process. This module is used to parse network protocols and is included in a number of products provided by ISS, including various RealSecure and BlackICE releases.
Affected Products
- IBM BlackIce Agent 3.1.0
- IBM BlackICE Agent for Server 3.6.0 ebz
- IBM BlackICE Agent for Server 3.6.0 eca
- IBM BlackICE Agent for Server 3.6.0 ecb
- IBM BlackICE Agent for Server 3.6.0 ecc
- IBM BlackICE Agent for Server 3.6.0 ecd
- IBM BlackICE Agent for Server 3.6.0 ece
- IBM BlackICE Agent for Server 3.6.0 ecf
- IBM BlackICE PC Protection 3.6.0 .cbz
- IBM BlackICE PC Protection 3.6.0 cca
- IBM BlackICE PC Protection 3.6.0 ccb
- IBM BlackICE PC Protection 3.6.0 ccc
- IBM BlackICE PC Protection 3.6.0 ccd
- IBM BlackICE PC Protection 3.6.0 cce
- IBM BlackICE PC Protection 3.6.0 ccf
- IBM BlackIce Server Protection 3.6.0 cbz
- IBM BlackIce Server Protection 3.6.0 cca
- IBM BlackIce Server Protection 3.6.0 ccb
- IBM BlackIce Server Protection 3.6.0 ccc
- IBM BlackIce Server Protection 3.6.0 ccd
- IBM BlackIce Server Protection 3.6.0 cce
- IBM BlackIce Server Protection 3.6.0 ccf
- IBM Proventia A Series XPU 20.11
- IBM Proventia A Series XPU 22.1
- IBM Proventia A Series XPU 22.10
- IBM Proventia A Series XPU 22.2
- IBM Proventia A Series XPU 22.3
- IBM Proventia A Series XPU 22.4
- IBM Proventia A Series XPU 22.5
- IBM Proventia A Series XPU 22.6
- IBM Proventia A Series XPU 22.7
- IBM Proventia A Series XPU 22.8
- IBM Proventia A Series XPU 22.9
- IBM Proventia G Series XPU 22.1
- IBM Proventia G Series XPU 22.10
- IBM Proventia G Series XPU 22.11
- IBM Proventia G Series XPU 22.2
- IBM Proventia G Series XPU 22.3
- IBM Proventia G Series XPU 22.4
- IBM Proventia G Series XPU 22.5
- IBM Proventia G Series XPU 22.6
- IBM Proventia G Series XPU 22.7
- IBM Proventia G Series XPU 22.8
- IBM Proventia G Series XPU 22.9
- IBM Proventia M Series XPU 1.1
- IBM Proventia M Series XPU 1.2
- IBM Proventia M Series XPU 1.3
- IBM Proventia M Series XPU 1.4
- IBM Proventia M Series XPU 1.5
- IBM Proventia M Series XPU 1.6
- IBM Proventia M Series XPU 1.7
- IBM Proventia M Series XPU 1.8
- IBM Proventia M Series XPU 1.9
- IBM RealSecure Desktop 3.6.0 ebz
- IBM RealSecure Desktop 3.6.0 eca
- IBM RealSecure Desktop 3.6.0 ecb
- IBM RealSecure Desktop 3.6.0 ecd
- IBM RealSecure Desktop 3.6.0 ece
- IBM RealSecure Desktop 3.6.0 ecf
- IBM RealSecure Desktop 7.0.0 eba
- IBM RealSecure Desktop 7.0.0 ebf
- IBM RealSecure Desktop 7.0.0 ebg
- IBM RealSecure Desktop 7.0.0 ebh
- IBM RealSecure Desktop 7.0.0 ebj
- IBM RealSecure Desktop 7.0.0 ebk
- IBM RealSecure Desktop 7.0.0 ebl
- IBM RealSecure Guard 3.6.0 ebz
- IBM RealSecure Guard 3.6.0 eca
- IBM RealSecure Guard 3.6.0 ecb
- IBM RealSecure Guard 3.6.0 ecc
- IBM RealSecure Guard 3.6.0 ecd
- IBM RealSecure Guard 3.6.0 ece
- IBM RealSecure Guard 3.6.0 ecf
- IBM RealSecure Network Sensor 7.0.0
- IBM RealSecure Network Sensor 7.0.0 XPU 20.11
- IBM RealSecure Network Sensor 7.0.0 XPU 22.10
- IBM RealSecure Network Sensor 7.0.0 XPU 22.4
- IBM RealSecure Network Sensor 7.0.0 XPU 22.9
- IBM RealSecure Sentry 3.6.0 ebz
- IBM RealSecure Sentry 3.6.0 eca
- IBM RealSecure Sentry 3.6.0 ecb
- IBM RealSecure Sentry 3.6.0 ecc
- IBM RealSecure Sentry 3.6.0 ecd
- IBM RealSecure Sentry 3.6.0 ece
- IBM RealSecure Sentry 3.6.0 ecf
- IBM RealSecure Server Sensor 5.0.0 Win
- IBM RealSecure Server Sensor 5.5.0 Win
- IBM RealSecure Server Sensor 5.5.1 Win
- IBM RealSecure Server Sensor 5.5.2 Win
- IBM RealSecure Server Sensor 6.0.0 Win
- IBM RealSecure Server Sensor 6.0.1 Win
- IBM RealSecure Server Sensor 6.0.1 Win SR1.1
- IBM RealSecure Server Sensor 6.5.0 Win
- IBM RealSecure Server Sensor 6.5.0 Win SR3.1
- IBM RealSecure Server Sensor 6.5.0 Win SR3.10
- IBM RealSecure Server Sensor 6.5.0 Win SR3.2
- IBM RealSecure Server Sensor 6.5.0 Win SR3.3
- IBM RealSecure Server Sensor 6.5.0 Win SR3.4
- IBM RealSecure Server Sensor 6.5.0 Win SR3.5
- IBM RealSecure Server Sensor 6.5.0 Win SR3.6
- IBM RealSecure Server Sensor 6.5.0 Win SR3.7
- IBM RealSecure Server Sensor 6.5.0 Win SR3.8
- IBM RealSecure Server Sensor 6.5.0 Win SR3.9
- IBM RealSecure Server Sensor 7.0.0 XPU 22.1
- IBM RealSecure Server Sensor 7.0.0 XPU 22.10
- IBM RealSecure Server Sensor 7.0.0 XPU 22.11
- IBM RealSecure Server Sensor 7.0.0 XPU 22.2
- IBM RealSecure Server Sensor 7.0.0 XPU 22.3
- IBM RealSecure Server Sensor 7.0.0 XPU 22.4
- IBM RealSecure Server Sensor 7.0.0 XPU 22.5
- IBM RealSecure Server Sensor 7.0.0 XPU 22.6
- IBM RealSecure Server Sensor 7.0.0 XPU 22.7
- IBM RealSecure Server Sensor 7.0.0 XPU 22.8
- IBM RealSecure Server Sensor 7.0.0 XPU 22.9
References
- BugTraq: 9913
- CVE: CVE-2004-0362
- URL: http://www.kb.cert.org/vuls/id/947254