Re: Vulnerability in Black ICE Defender

From: advisories (advisoriesat_private)
Date: Mon Feb 04 2002 - 15:29:14 PST

Next message: Francisco Sáa Muñoz: "cachemgr.cgi (squid 2.3STABLE4)"

Previous message: bugtraq@t-swat.com: "Re: DoS bug on Tru64"
Maybe in reply to: Matt Taylor: "Vulnerability in Black ICE Defender"
Next in thread: Swift Griggs: "Re: Vulnerability in Black ICE Defender"
Reply: Swift Griggs: "Re: Vulnerability in Black ICE Defender"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I verified this vulnerability in BlackICE Defender 2.9.can as well.

---------- Original Message ----------------------------------
From: "Matt Taylor" <quisitat_private>
Date:  Sun, 3 Feb 2002 22:26:50 -0600

>The current version of BlackICE Defender (2.9.caq and 2.9.cap) running on a
>Windows 2000 machine can be remotely crashed using a very basic ping flood.
>This has been tested with Divine Intervention 2 & 3, Sisoft Sandra Network
>(LAN) benchmark.
>Setting the packet size to about 10,000 bytes causes a Blue Screen of Death
>(or immediate system reboot). After extensive correspondence with ISS
>support they basically told me they'd "look into it." They have not
>responded since 12/21/01 and their newest patch 2.9.caq (released after)
>does not address this issue. More details available if requested.
>
>Matt Taylor
>
>

Next message: Francisco Sáa Muñoz: "cachemgr.cgi (squid 2.3STABLE4)"
Previous message: bugtraq@t-swat.com: "Re: DoS bug on Tru64"
Maybe in reply to: Matt Taylor: "Vulnerability in Black ICE Defender"
Next in thread: Swift Griggs: "Re: Vulnerability in Black ICE Defender"
Reply: Swift Griggs: "Re: Vulnerability in Black ICE Defender"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 16:54:08 PST