Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
BID:9990
Info
Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
| Bugtraq ID: | 9990 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2004 12:00AM |
| Updated: | Mar 27 2004 12:00AM |
| Credit: | The vendor announced this vulnerability. |
| Vulnerable: |
Internet Security Systems BlackIce Server Protection 3.6 ccg Internet Security Systems BlackIce Server Protection 3.6 ccf Internet Security Systems BlackIce Server Protection 3.6 cce Internet Security Systems BlackIce Server Protection 3.6 ccd Internet Security Systems BlackIce Server Protection 3.6 ccc Internet Security Systems BlackIce Server Protection 3.6 ccb Internet Security Systems BlackIce Server Protection 3.6 cca Internet Security Systems BlackIce Server Protection 3.6 cbz Internet Security Systems BlackIce Server Protection 3.6 cbr Internet Security Systems BlackIce Server Protection 3.5 cdf Internet Security Systems BlackICE PC Protection 3.6 ccg Internet Security Systems BlackICE PC Protection 3.6 ccf Internet Security Systems BlackICE PC Protection 3.6 cce Internet Security Systems BlackICE PC Protection 3.6 ccd Internet Security Systems BlackICE PC Protection 3.6 ccc Internet Security Systems BlackICE PC Protection 3.6 ccb Internet Security Systems BlackICE PC Protection 3.6 cca Internet Security Systems BlackICE PC Protection 3.6 cbz Internet Security Systems BlackICE PC Protection 3.6 cbr Internet Security Systems BlackICE PC Protection 3.6 cbd Internet Security Systems BlackICE PC Protection 3.6 .cbz |
| Not Vulnerable: |
Internet Security Systems BlackIce Server Protection 3.6 cch Internet Security Systems BlackICE PC Protection 3.6 cch |
Discussion
Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
BlackICE PC/Server Protection has been reported prone to a weak configuration vulnerability. The issue presents itself due to a misconfiguration in the default settings of BlackICE PC Protection; the issue may result in a decrease in the level of protection that the software provides.
BlackICE PC/Server Protection has been reported prone to a weak configuration vulnerability. The issue presents itself due to a misconfiguration in the default settings of BlackICE PC Protection; the issue may result in a decrease in the level of protection that the software provides.
Exploit / POC
Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
Solution:
The vendor has released an upgrade to address this issue. It should be noted that there are reports that this upgrade may result in auto-blocking and a "Block all inbound connections" enabled setup, this may cause problems in certain environments:
Internet Security Systems BlackIce Server Protection 3.5 cdf
Internet Security Systems BlackIce Server Protection 3.6 ccg
Internet Security Systems BlackICE PC Protection 3.6 cbr
Internet Security Systems BlackICE PC Protection 3.6 ccg
Internet Security Systems BlackICE PC Protection 3.6 cce
Internet Security Systems BlackICE PC Protection 3.6 cbd
Internet Security Systems BlackIce Server Protection 3.6 cce
Internet Security Systems BlackICE PC Protection 3.6 ccb
Internet Security Systems BlackIce Server Protection 3.6 cbr
Internet Security Systems BlackICE PC Protection 3.6 ccf
Internet Security Systems BlackIce Server Protection 3.6 cca
Internet Security Systems BlackIce Server Protection 3.6 ccb
Internet Security Systems BlackIce Server Protection 3.6 cbz
Internet Security Systems BlackIce Server Protection 3.6 ccd
Internet Security Systems BlackIce Server Protection 3.6 ccc
Internet Security Systems BlackICE PC Protection 3.6 ccd
Internet Security Systems BlackICE PC Protection 3.6 .cbz
Internet Security Systems BlackICE PC Protection 3.6 ccc
Internet Security Systems BlackICE PC Protection 3.6 cca
Internet Security Systems BlackIce Server Protection 3.6 ccf
Internet Security Systems BlackICE PC Protection 3.6 cbz
Solution:
The vendor has released an upgrade to address this issue. It should be noted that there are reports that this upgrade may result in auto-blocking and a "Block all inbound connections" enabled setup, this may cause problems in certain environments:
Internet Security Systems BlackIce Server Protection 3.5 cdf
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackIce Server Protection 3.6 ccg
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackICE PC Protection 3.6 cbr
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackICE PC Protection 3.6 ccg
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackICE PC Protection 3.6 cce
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackICE PC Protection 3.6 cbd
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackIce Server Protection 3.6 cce
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackICE PC Protection 3.6 ccb
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackIce Server Protection 3.6 cbr
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackICE PC Protection 3.6 ccf
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackIce Server Protection 3.6 cca
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackIce Server Protection 3.6 ccb
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackIce Server Protection 3.6 cbz
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackIce Server Protection 3.6 ccd
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackIce Server Protection 3.6 ccc
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackICE PC Protection 3.6 ccd
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackICE PC Protection 3.6 .cbz
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackICE PC Protection 3.6 ccc
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackICE PC Protection 3.6 cca
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
Internet Security Systems BlackIce Server Protection 3.6 ccf
-
Internet Security Systems BlackICE Server Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_server_protection. jhtml
Internet Security Systems BlackICE PC Protection 3.6 cbz
-
Internet Security Systems BlackICE PC Protection 3.6 cch
http://blackice.iss.net/issEn/DLC/consumer/blackice_PC_Protection.jhtm l
References
Internet Security Systems BlackICE PC/Server Protection Weak Default Configuration Vulnerability
References:
References:
- BlackICE PC Protection Homepage (Internet Security Systems)
- Release Notes for ISS BlackICE PC Protection Release 3.6.cch (Internet Security Systems)
- Release Notes for ISS BlackICE Server Protection Release 3.6.cch (Internet Security Systems)
- Another ISS BlackIce & RealSecure Update ? (K-OTiK Security
) - Another ISS BlackIce & RealSecure Update ? (Jeff
)