CVE-2004-1714
CVSS2.1
发布时间 :2004-08-11 00:00:00
修订时间 :2016-10-17 22:59:41
NMCOES    

[原文]BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.


[CNNVD]ISS BlackICE Server Protect本地用户防火墙规则修改漏洞(CNNVD-200408-128)

        
        BlackICE Server Protect是ISS开发的防火墙系统。
        BlackICE Server Protect firewall.ini默认权限设置不正确,本地攻击者可以利用这个漏洞修改配置文件,破坏防火墙规则。
        当BlackICE安装后,会在本地C:\Program Files\ISS\Blackice目录中安装firewall.ini文件,但是默认ACL规则是所有人控制。这就允许本地非特权用户删除或修改防火墙规则,导致原有安全规则破坏。
        

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:iss:blackice_pc_protection:3.6cbrInternet Security Systems BlackICE PC Protection 3.6cbr
cpe:/a:iss:blackice_server_protection:3.6cchInternet Security Systems BlackICE Server Protection 3.6cch
cpe:/a:iss:blackice_pc_protection:3.6cbzInternet Security Systems BlackICE PC Protection 3.6cbz
cpe:/a:iss:blackice_server_protection:3.6cceInternet Security Systems BlackICE Server Protection 3.6cce
cpe:/a:iss:blackice_server_protection:3.5cdfInternet Security Systems BlackICE Server Protection 3.5cdf
cpe:/a:iss:blackice_server_protection:3.6ccfInternet Security Systems BlackICE Server Protection 3.6ccf
cpe:/a:iss:blackice_server_protection:3.6cccInternet Security Systems BlackICE Server Protection 3.6ccc
cpe:/a:iss:blackice_server_protection:3.6ccdInternet Security Systems BlackICE Server Protection 3.6ccd
cpe:/a:iss:blackice_server_protection:3.6cnoInternet Security Systems BlackICE Server Protection 3.6cno
cpe:/a:iss:blackice_pc_protection:3.6ccbInternet Security Systems BlackICE PC Protection 3.6ccb
cpe:/a:iss:blackice_pc_protection:3.6ccaInternet Security Systems BlackICE PC Protection 3.6cca
cpe:/a:iss:blackice_server_protection:3.6ccgInternet Security Systems BlackICE Server Protection 3,6ccg
cpe:/a:iss:blackice_pc_protection:3.6cccInternet Security Systems BlackICE PC Protection 3.6ccc
cpe:/a:iss:blackice_pc_protection:3.6ccfInternet Security Systems BlackICE PC Protection 3.6ccf
cpe:/a:iss:blackice_pc_protection:3.6cbdInternet Security Systems BlackICE PC Protection 3.6cbd
cpe:/a:iss:blackice_pc_protection:3.6cceInternet Security Systems BlackICE PC Protection 3.6cce
cpe:/a:iss:blackice_server_protection:3.6cbzInternet Security Systems BlackICE Server Protection 3.6cbz
cpe:/a:iss:blackice_pc_protection:3.6ccgInternet Security Systems BlackICE PC Protection 3.6ccg
cpe:/a:iss:blackice_server_protection:3.6ccaInternet Security Systems BlackICE Server Protection 3.6cca
cpe:/a:iss:blackice_server_protection:3.6ccbInternet Security Systems BlackICE Server Protection 3.6ccb
cpe:/a:iss:blackice_pc_protection:3.6ccdInternet Security Systems BlackICE PC Protection 3.6ccd

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1714
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1714
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-128
(官方数据源) CNNVD

- 其它链接及资源

http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025112.html
(VENDOR_ADVISORY)  FULLDISC  20040811 ISS BlackIce Server Protect Unprivileged User Attack
http://marc.info/?l=bugtraq&m=109223751031166&w=2
(UNKNOWN)  BUGTRAQ  20040811 BlackICE unprivileged local user attack
http://www.securityfocus.com/bid/10915
(VENDOR_ADVISORY)  BID  10915
http://xforce.iss.net/xforce/xfdb/16959
(VENDOR_ADVISORY)  XF  blackice-firewall-dos(16959)

- 漏洞信息

ISS BlackICE Server Protect本地用户防火墙规则修改漏洞
低危 边界条件错误
2004-08-11 00:00:00 2005-10-20 00:00:00
本地  
        
        BlackICE Server Protect是ISS开发的防火墙系统。
        BlackICE Server Protect firewall.ini默认权限设置不正确,本地攻击者可以利用这个漏洞修改配置文件,破坏防火墙规则。
        当BlackICE安装后,会在本地C:\Program Files\ISS\Blackice目录中安装firewall.ini文件,但是默认ACL规则是所有人控制。这就允许本地非特权用户删除或修改防火墙规则,导致原有安全规则破坏。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 修改firewall.ini的ACL控制规则为管理员和SYSTEM用户可修改。
        厂商补丁:
        ISS
        ---
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.iss.net

- 漏洞信息 (24362)

Internet Security Systems BlackICE PC Protection 3.6 Firewall.INI Local Buffer Overrun Vulnerability (EDBID:24362)
windows dos
2004-08-11 Verified
0 Paul Craig
N/A [点击下载]
source: http://www.securityfocus.com/bid/10915/info

It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software.

It is reported that when the system is restarted, and the affected software reads the malicious firewall.ini file both the blackice.exe and blackd.exe executables will crash.

REJECT, 138, default, 1999-07-22 20:26:53, AAAAAAAAAAAAAAAAA.... , 2000,
unknown

(Aprox 1000 A's)		

- 漏洞信息

8721
BlackICE/PC Protection Unprivileged User Local DoS
Local Access Required Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- 漏洞描述

A local overflow exists in BlackIce/PC Protection. The BlackIce/PC Protection fails to filter overly long firewall rules resulting in a buffer overflow. With a specially crafted rule, an attacker can cause the firewall to crash when restarted resulting in a loss of firewall availability and leaving protected services exposed. When crashed there will be no popups or log entries (in default configuration) warning about the crash.

- 时间线

2004-08-14 Unknow
2004-08-14 Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Apply proper privileges to the firewall.ini configuration file so only authorized users can alter firewall rules.

- 相关参考

- 漏洞作者

- 漏洞信息

Internet Security Systems BlackICE PC Protection Firewall.INI Local Buffer Overrun Vulnerability
Boundary Condition Error 10915
No Yes
2004-08-11 12:00:00 2009-07-12 06:16:00
Discovery of this vulnerability is credited to Paul Craig of Pimp Industries.

- 受影响的程序版本

Internet Security Systems BlackIce Server Protection 3.6 cch
Internet Security Systems BlackIce Server Protection 3.6 ccg
Internet Security Systems BlackIce Server Protection 3.6 ccf
Internet Security Systems BlackIce Server Protection 3.6 cce
Internet Security Systems BlackIce Server Protection 3.6 ccd
Internet Security Systems BlackIce Server Protection 3.6 ccc
Internet Security Systems BlackIce Server Protection 3.6 ccb
Internet Security Systems BlackIce Server Protection 3.6 cca
Internet Security Systems BlackIce Server Protection 3.6 cbz
Internet Security Systems BlackIce Server Protection 3.6 cbr
Internet Security Systems BlackIce Server Protection 3.6 .cno
Internet Security Systems BlackIce Server Protection 3.5 cdf
Internet Security Systems BlackICE PC Protection 3.6 ccg
Internet Security Systems BlackICE PC Protection 3.6 ccf
Internet Security Systems BlackICE PC Protection 3.6 cce
Internet Security Systems BlackICE PC Protection 3.6 ccd
Internet Security Systems BlackICE PC Protection 3.6 ccc
Internet Security Systems BlackICE PC Protection 3.6 ccb
Internet Security Systems BlackICE PC Protection 3.6 cca
Internet Security Systems BlackICE PC Protection 3.6 cbz
Internet Security Systems BlackICE PC Protection 3.6 cbr
Internet Security Systems BlackICE PC Protection 3.6 cbd
Internet Security Systems BlackICE PC Protection 3.6 .cbz

- 漏洞讨论

It is reported that BlackICE PC Protection is prone to a local buffer overrun when handling excessive input in certain configuration directives parsed from the firewall.ini file included with the software.

It is reported that when the system is restarted, and the affected software reads the malicious firewall.ini file both the blackice.exe and blackd.exe executables will crash.

- 漏洞利用

The following example is available:

REJECT, 138, default, 1999-07-22 20:26:53, AAAAAAAAAAAAAAAAA.... , 2000,
unknown

(Aprox 1000 A's)

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站