Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
BID:9513
Info
Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
| Bugtraq ID: | 9513 |
| Class: | Configuration Error |
| CVE: |
CVE-2004-2126 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 28 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery is credited to Secure Network Operations. |
| Vulnerable: |
Internet Security Systems BlackICE PC Protection 3.6 .cbz |
| Not Vulnerable: | |
Discussion
Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
BlackICE PC Protection is reported to install various .ini files with insecure permissions after an upgrade. This may allow non-administrative users to modify or replace these files, facilitating other attacks. This could affect various security properties as configuration information for the software may be altered by an unauthorized user. There is also a buffer overrun that exists in the software when parsing various directives included in .ini files, as described in BID 9514. This additional issue could be exploited once the permissions have been lowered.
It should be noted that exploitation of other latent vulnerabilities, such as those described in BID 8577 could create a situation where a remote attacker could place a hostile .ini on the local file system that is designed to weaken the security provided by the software or exploit the buffer overrun described in BID 9514.
This issue has been reported to occur when the software is upgraded to version 3.6.cbz.
BlackICE PC Protection is reported to install various .ini files with insecure permissions after an upgrade. This may allow non-administrative users to modify or replace these files, facilitating other attacks. This could affect various security properties as configuration information for the software may be altered by an unauthorized user. There is also a buffer overrun that exists in the software when parsing various directives included in .ini files, as described in BID 9514. This additional issue could be exploited once the permissions have been lowered.
It should be noted that exploitation of other latent vulnerabilities, such as those described in BID 8577 could create a situation where a remote attacker could place a hostile .ini on the local file system that is designed to weaken the security provided by the software or exploit the buffer overrun described in BID 9514.
This issue has been reported to occur when the software is upgraded to version 3.6.cbz.
Exploit / POC
Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
There is no exploit required for this vulnerability.
There is no exploit required for this vulnerability.
Solution / Fix
Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
Solution:
The vendor has reportedly released a fix. This has not been confirmed by Symantec. Affected users should contact the vendor to determine the availability of fixes.
Solution:
The vendor has reportedly released a fix. This has not been confirmed by Symantec. Affected users should contact the vendor to determine the availability of fixes.
References
Internet Security Systems BlackICE PC Protection Upgrade File Permission Vulnerability
References:
References:
- BlackICE PC Protection Homepage (Internet Security Systems)
- ISS BlackIce Server Protect Unprivileged User Attack ("Thomas Ryan"
) - SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM (KF
)