A week after first issuing an alert about the problem, firewall and intrusion-detection system vendor Internet Security Systems (ISS) released a patch to fix a security flaw in its BlackICE security products that could have led to a denial-of-service attack.
The flaw affects BlackICE Defender, BlackICE Agent and RealSecure Server Sensor running on Windows 2000 and Windows XP and can be exploited by sending a flood of modified ping packets to the vulnerable system, ISS said in its alert. The flood of packets would cause the applications' memory to be overwritten, either crashing or destabilizing the program, ISS said. Attackers may also be able to control what part of the memory is overwritten, allowing them to execute code of their choice, ISS continued.
The risk of the flaw to corporate users is likely to be small, according to ISS, since most corporate firewalls are configured to block the kind of traffic that would be used in this attack.
Affected versions of the software are: BlackICE Defender 2.9, BlackICE Defender for Server 2.9, BlackICE Agent for Workstation 3.0 and 3.1 and BlackICE Agent for Server 3.0 and 3.1, all on Windows 2000 and XP. RealSecure Server Sensor 6.0.1 and 6.5 on Windows 2000 are also affected.
Links to the appropriate patches are available on the front page of ISS' Web site, located at http://www.iss.net.
ISS acquired the BlackICE line of products in May 2001 when it purchased Network ICE Corp.