Detections
Analytics
ISS BlackICE / RealSecure Large ICMP Ping Packet Overflow DoS
high Nessus Plugin ID 10927
Synopsis
The application running on the remote host has a remote buffer overflow vulnerability.Description
The remote host appears to be running either BlackICE or RealSecure Server Sensor.This application has a remote buffer overflow vulnerability. It was possible to crash the application by flooding it with 10 KB ping packets.
A remote attacker could exploit this to cause a denial of service, or potentially execute arbitrary code.
Solution
Apply the appropriate patch referenced in the ISS advisory.See Also
https://seclists.org/bugtraq/2002/Feb/37
https://seclists.org/bugtraq/2002/Feb/51
https://seclists.org/bugtraq/2002/Feb/48
http://web.archive.org/web/20131113184518/http://www.iss.net:80/threats/advise109.html
Plugin Details
Severity: High
ID: 10927
File Name: blackice_dos.nasl
Version: 1.34
Type: remote
Family: Firewalls
Published: 3/29/2002
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Settings/ParanoidReport, Settings/ThoroughTests
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 2/4/2002
Reference Information
CVE: CVE-2002-0237
BID: 4025