ISS hit by major security hole

Security vendor Internet Security Systems Inc. (ISS) -- which describes itself as the "most trusted name in Internet security" -- has been hit by a critical hole in a common component of its security software that can allow someone to run programs on a machine over the Net.

The hole relates to the way ISS's products monitor ICQ server responses. A boundary error in the PAM (Protocol Analyses Module) component, regarding how it reads the SMB (Server Message Block) protocol, can be used to create a buffer overflow and so grant a remote malicious user complete control of a machine. It doesn't get any worse than that.

The PAM component is so basic that virtually all the company's products are affected, including the commonly used BlackICE security software, plus RealSecure and Proventia products. ISS, which was advised about the hole 10 days ago, have produced patches and upgrades for all its products and urges all customers to "immediately" download and install it.

The embarrassing hole was discovered by eEye Digital Security Inc. and ISS was informed of the problem on March 8. It developed the patches by March 18.

Join the newsletter!

Error: Please check your email address.

More about eEye Digital SecurityICQInternet Security SystemsISS GroupSecurity Systems

Show Comments