BlackICE/PC Protection Unprivileged User Local DoS

2004-08-14T05:02:10
ID OSVDB:8721
Type osvdb
Reporter Paul Craig(headpimp@pimp-industries.com)
Modified 2004-08-14T05:02:10

Description

Vulnerability Description

A local overflow exists in BlackIce/PC Protection. The BlackIce/PC Protection fails to filter overly long firewall rules resulting in a buffer overflow. With a specially crafted rule, an attacker can cause the firewall to crash when restarted resulting in a loss of firewall availability and leaving protected services exposed. When crashed there will be no popups or log entries (in default configuration) warning about the crash.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Apply proper privileges to the firewall.ini configuration file so only authorized users can alter firewall rules.

Short Description

A local overflow exists in BlackIce/PC Protection. The BlackIce/PC Protection fails to filter overly long firewall rules resulting in a buffer overflow. With a specially crafted rule, an attacker can cause the firewall to crash when restarted resulting in a loss of firewall availability and leaving protected services exposed. When crashed there will be no popups or log entries (in default configuration) warning about the crash.

Manual Testing Notes

Following example is available: REJECT, 138, default, 1999-07-22 20:26:53, AAAAAAAAAAAAAAAAA.... , 2000, unknown Approximately 1000 A's are needed in order to cause overflow.

References:

Vendor URL: http://www.iss.net/ Related OSVDB ID: 8701 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0449.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0458.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0150.html ISS X-Force ID: 16959 CVE-2004-1714 Bugtraq ID: 10915