 qrkx Premium join:2003-04-26 Montreal, QC
| ZA/Black Ice vulnerabilities?
Haven't seen any comments on this yet...apologies if I missed any threads discussing it.
"Description: A remotely-exploitable vulnerability that allows anonymous attackers to compromise default installations of the affected software and gain the highest possible level of access (SYSTEM)."
»www.eeye.com/html/Research/Upcom···213.html
»www.eeye.com/html/Research/Upcom···3-2.html
rgds. |
|
 Tablet Premium join:2003-01-15 Czech | Whoa, so far I couldn't find any detailed write-up on these. Wonder if they are somehow connected with the ASN vulnerabilities announced last week. |
|
  Jan Janowski
join:2000-06-18 Skokie, IL | reply to qrkx Not going to say I agree or disagree with this... But, other than stating this, do they provide any proof or test?
Looks like a statement without supporting facts, to me... -- Looking for 1939 Indian Motocycle |
|
 qrkx Premium join:2003-04-26 Montreal, QC
| reply to Tablet said by Tablet : Whoa, so far I couldn't find any detailed write-up on these. Wonder if they are somehow connected with the ASN vulnerabilities announced last week.
Hmm... the key word is remotely-exploitable. Does a default install of ZA/BI leave anything open? I am not familiar with either of the two programs mentioned.
rgds. |
|
 qrkx Premium join:2003-04-26 Montreal, QC
| reply to Jan Janowski said by Jan Janowski : Not going to say I agree or disagree with this... But, other than stating this, do they provide any proof or test?
Looks like a statement without supporting facts, to me...
Easy... It's eEye. They notified the vendors and they will wait until a patch is released (could be 200 days or more).
rgds. |
|
 Tablet Premium join:2003-01-15 Czech
| reply to qrkx said by qrkx : said by Tablet : Whoa, so far I couldn't find any detailed write-up on these. Wonder if they are somehow connected with the ASN vulnerabilities announced last week.
Hmm... the key word is remotely-exploitable. Does a default install of ZA/BI leave anything open? I am not familiar with either of the two programs mentioned.
rgds.
That's why I'm wondering about a connection with the ASN vulnerabilities. Even though the packets are denied by the fw, they still need to be checked by the firewall. And if one of the vulnerable ASN DLLs is used for this checking, then we're set.
But this is really hypothetical, not even sure if it is feasible. |
|
  Jan Janowski
join:2000-06-18 Skokie, IL
·AT&T Midwest
| reply to qrkx I've tried a couple of previously posted items...
Each time BID (yeah, I know it is Black Ice PC Protector -- I'm just calling it what I remember easiest...) tries this exploit, Applications Protection stops it and asks me if I want to allow it... Betcha ZA does something similar (not familiar with ZA)...
As I run both parts of BID, and it has been good to me for years, until someone posts something definitive, I'm not concerned...
And If they do post something... I'll forward it to BID people, and see what their response is!
Betcha ZA users think about the same as I do... -- Looking for 1939 Indian Motocycle |
|
  jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA
| reply to qrkx Oops, had me going there until I read the two advisories. (I thought it was a reference to a combinatorial problem.)
Quite a teaser. I've got a guess as to where they are going to go with this, but I'll just keep it to myself until eEye sees fit to publish. -- Regards, Joseph V. Morris |
|
 Tablet Premium join:2003-01-15 Czech | reply to Jan Janowski I really would be concerned; eEye are serious security researchers and they wouldn't issue a write-up without real prior testing. |
|
 qrkx Premium join:2003-04-26 Montreal, QC
| reply to Tablet said by Tablet :
That's why I'm wondering about a connection with the ASN vulnerabilities. Even though the packets are denied by the fw, they still need to be checked by the firewall. And if one of the vulnerable ASN DLLs is used for this checking, then we're set.
But this is really hypothetical, not even sure if it is feasible.
For a remotely exploitable trick, some application server must be running and open for ASN to be exploited remotely. Otherwise it would be a local exploit, or social-engineering based (relying on the user to perform a specific task).
rgds. |
|
 qrkx Premium join:2003-04-26 Montreal, QC
| reply to jvmorris said by jvmorris :
Quite a teaser. I've got a guess as to where they are going to go with this, but I'll just keep it to myself until eEye sees fit to publish.

rgds. |
|
 qrkx Premium join:2003-04-26 Montreal, QC
| reply to Jan Janowski said by Jan Janowski :
As I run both parts of BID, and it has been good to me for years, until someone posts something definitive, I'm not concerned... Betcha ZA users think about the same as I do...
Upon reflection I do not wish to answer....
rgds. |
|
  Jan Janowski
join:2000-06-18 Skokie, IL
·AT&T Midwest
| Hey! Unless we decide to write our/my own code (not on your life!), all we can do is go on past history with the product... and assume that their code writers are on top of it, or working on it...
All we can do is configure our own systems to be as secure as possible...
-- Looking for 1939 Indian Motocycle |
|
  DaHen Premium join:2002-11-08 Brockton, MA | reply to qrkx Thanks muchly for bringing this to our attention. Will keep an eeye (little pun, there) on this. |
|
 qrkx Premium join:2003-04-26 Montreal, QC
| reply to Jan Janowski said by Jan Janowski : Hey! Unless we decide to write our/my own code (not on your life!), all we can do is go on past history with the product... and assume that their code writers are on top of it, or working on it...
All we can do is configure our own systems to be as secure as possible...
Yes. The vendors have been notified and they will fix it. The question remaining is "do you feel lucky punk"? Is Eeye the only researcher that holds the vulnerability details? Until zero day, will you shiver and sob at the idea that you are exposed? 
Seriously though, this just goes to show that security is such an elusive state... There's no reason to panic, but it begs the question of why isn't everyone going nuts, as they do when similar advisories concern msft?
rgds. |
|
  jvmorris I Am The Man Who Was Not There. Premium,MVM join:2001-04-03 Reston, VA
| reply to Jan Janowski Jan,
A hint . . . qrkx has highlighted one part of the write-ups; I would highlight another -- default installations.
What distinguishes 'default installations' of ZA/BID from the other popular software firewalls? Think about it. -- Regards, Joseph V. Morris |
|
  major marco Res Firma Mitescere Nescit Premium join:2003-02-13 Stepford, CA
| reply to qrkx I would think if you've disabled remote operation of the OS and applied the ASN.1 patch (among other critical Windows patches) then you'd be in good shape. I don't doubt EEye's veracity, however, I don't usually go running around crying that the sky is falling on such pale evidence, either. -- MoveOn.org - DigitalConsumer.org - FTCR.org - Privacy.org - Adbusters.org - Eff.com - Democraticmedia.org - HealthPrivacy.org - Hacktivismo.com - ClearChannelSucks.org - Epic.org - ArnoldWatch.org - major_marco.tripod.com |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| reply to jvmorris said by jvmorris : What distinguishes 'default installations' of ZA/BID from the other popular software firewalls?
It lets broadcast/multicast traffic pass? It does not have a password to protect the settings?
That's pretty much all I can think of here. -- My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
  keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB
| reply to qrkx Default installations of all versions of BID and ZA, not any installation. So it doesn't sound like a buffer overflow exploit.
It doesn't mention particular versions of OS, so it doesn't sound to me like an M$ issue.
I'd go along with that sounding like possibly a trojan or virus could alter settings if they aren't password protected.
But how does that in itself allow remote code execution? |
|
 Tablet Premium join:2003-01-15 Czech | reply to qrkx There is also a short discussion about this on ZoneAlarm forum: »forums.zonelabs.com/zonelabs/boa···.id=3856 |
|