Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Blackice_agent_server | Iss | 3.6ebz (including) | 3.6ebz (including) |
| Blackice_agent_server | Iss | 3.6eca (including) | 3.6eca (including) |
| Blackice_agent_server | Iss | 3.6ecb (including) | 3.6ecb (including) |
| Blackice_agent_server | Iss | 3.6ecc (including) | 3.6ecc (including) |
| Blackice_agent_server | Iss | 3.6ecd (including) | 3.6ecd (including) |
| Blackice_agent_server | Iss | 3.6ece (including) | 3.6ece (including) |
| Blackice_agent_server | Iss | 3.6ecf (including) | 3.6ecf (including) |
| Blackice_pc_protection | Iss | 3.6cbz (including) | 3.6cbz (including) |
| Blackice_pc_protection | Iss | 3.6cca (including) | 3.6cca (including) |
| Blackice_pc_protection | Iss | 3.6ccb (including) | 3.6ccb (including) |
| Blackice_pc_protection | Iss | 3.6ccc (including) | 3.6ccc (including) |
| Blackice_pc_protection | Iss | 3.6ccd (including) | 3.6ccd (including) |
| Blackice_pc_protection | Iss | 3.6cce (including) | 3.6cce (including) |
| Blackice_pc_protection | Iss | 3.6ccf (including) | 3.6ccf (including) |
| Blackice_server_protection | Iss | 3.6cbz (including) | 3.6cbz (including) |
| Blackice_server_protection | Iss | 3.6cca (including) | 3.6cca (including) |
| Blackice_server_protection | Iss | 3.6ccb (including) | 3.6ccb (including) |
| Blackice_server_protection | Iss | 3.6ccc (including) | 3.6ccc (including) |
| Blackice_server_protection | Iss | 3.6ccd (including) | 3.6ccd (including) |
| Blackice_server_protection | Iss | 3.6cce (including) | 3.6cce (including) |
| Blackice_server_protection | Iss | 3.6ccf (including) | 3.6ccf (including) |
| Realsecure_desktop | Iss | 3.6ebz (including) | 3.6ebz (including) |
| Realsecure_desktop | Iss | 3.6eca (including) | 3.6eca (including) |
| Realsecure_desktop | Iss | 3.6ecb (including) | 3.6ecb (including) |
| Realsecure_desktop | Iss | 3.6ecd (including) | 3.6ecd (including) |
| Realsecure_desktop | Iss | 3.6ece (including) | 3.6ece (including) |
| Realsecure_desktop | Iss | 3.6ecf (including) | 3.6ecf (including) |
| Realsecure_desktop | Iss | 7.0eba (including) | 7.0eba (including) |
| Realsecure_desktop | Iss | 7.0ebf (including) | 7.0ebf (including) |
| Realsecure_desktop | Iss | 7.0ebg (including) | 7.0ebg (including) |
| Realsecure_desktop | Iss | 7.0ebh (including) | 7.0ebh (including) |
| Realsecure_desktop | Iss | 7.0ebj (including) | 7.0ebj (including) |
| Realsecure_desktop | Iss | 7.0ebk (including) | 7.0ebk (including) |
| Realsecure_desktop | Iss | 7.0ebl (including) | 7.0ebl (including) |
| Realsecure_guard | Iss | 3.6ebz (including) | 3.6ebz (including) |
| Realsecure_guard | Iss | 3.6eca (including) | 3.6eca (including) |
| Realsecure_guard | Iss | 3.6ecb (including) | 3.6ecb (including) |
| Realsecure_guard | Iss | 3.6ecc (including) | 3.6ecc (including) |
| Realsecure_guard | Iss | 3.6ecd (including) | 3.6ecd (including) |
| Realsecure_guard | Iss | 3.6ece (including) | 3.6ece (including) |
| Realsecure_guard | Iss | 3.6ecf (including) | 3.6ecf (including) |
| Realsecure_network_sensor | Iss | 7.0 (including) | 7.0 (including) |
| Realsecure_network_sensor | Iss | 7.0-xpu_20.11 (including) | 7.0-xpu_20.11 (including) |
| Realsecure_network_sensor | Iss | 7.0-xpu_22.10 (including) | 7.0-xpu_22.10 (including) |
| Realsecure_network_sensor | Iss | 7.0-xpu_22.4 (including) | 7.0-xpu_22.4 (including) |
| Realsecure_network_sensor | Iss | 7.0-xpu_22.9 (including) | 7.0-xpu_22.9 (including) |
| Realsecure_sentry | Iss | 3.6ebz (including) | 3.6ebz (including) |
| Realsecure_sentry | Iss | 3.6eca (including) | 3.6eca (including) |
| Realsecure_sentry | Iss | 3.6ecb (including) | 3.6ecb (including) |
| Realsecure_sentry | Iss | 3.6ecc (including) | 3.6ecc (including) |
| Realsecure_sentry | Iss | 3.6ecd (including) | 3.6ecd (including) |
| Realsecure_sentry | Iss | 3.6ece (including) | 3.6ece (including) |
| Realsecure_sentry | Iss | 3.6ecf (including) | 3.6ecf (including) |
| Realsecure_server_sensor | Iss | 6.0 (including) | 6.0 (including) |
| Realsecure_server_sensor | Iss | 6.0.1 (including) | 6.0.1 (including) |
| Realsecure_server_sensor | Iss | 6.0.1_win_sr1.1 (including) | 6.0.1_win_sr1.1 (including) |
| Realsecure_server_sensor | Iss | 6.5 (including) | 6.5 (including) |
| Realsecure_server_sensor | Iss | 6.5-sr3.2 (including) | 6.5-sr3.2 (including) |
| Realsecure_server_sensor | Iss | 6.5-sr3.3 (including) | 6.5-sr3.3 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.1 (including) | 6.5_win_sr3.1 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.4 (including) | 6.5_win_sr3.4 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.5 (including) | 6.5_win_sr3.5 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.6 (including) | 6.5_win_sr3.6 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.7 (including) | 6.5_win_sr3.7 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.8 (including) | 6.5_win_sr3.8 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.9 (including) | 6.5_win_sr3.9 (including) |
| Realsecure_server_sensor | Iss | 6.5_win_sr3.10 (including) | 6.5_win_sr3.10 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.1 (including) | 7.0-xpu22.1 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.10 (including) | 7.0-xpu22.10 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.11 (including) | 7.0-xpu22.11 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.2 (including) | 7.0-xpu22.2 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.3 (including) | 7.0-xpu22.3 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.4 (including) | 7.0-xpu22.4 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.5 (including) | 7.0-xpu22.5 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.6 (including) | 7.0-xpu22.6 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.7 (including) | 7.0-xpu22.7 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.8 (including) | 7.0-xpu22.8 (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu22.9 (including) | 7.0-xpu22.9 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=107965651712378\u0026w=2
- http://secunia.com/advisories/11073
- http://www.ciac.org/ciac/bulletins/o-104.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040318.html
- http://www.kb.cert.org/vuls/id/947254
- http://www.osvdb.org/4355
- http://www.securityfocus.com/bid/9913
- http://xforce.iss.net/xforce/alerts/id/166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15543
- http://marc.info/?l=bugtraq\u0026m=107965651712378\u0026w=2
- http://secunia.com/advisories/11073
- http://www.ciac.org/ciac/bulletins/o-104.shtml
- http://www.eeye.com/html/Research/Advisories/AD20040318.html
- http://www.kb.cert.org/vuls/id/947254
- http://www.osvdb.org/4355
- http://www.securityfocus.com/bid/9913
- http://xforce.iss.net/xforce/alerts/id/166
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15543