CERTA-2006-AVI-314

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans les produits ISS RealSecure/BlackICE. Une personne malveillante peut envoyer un paquet spécialement conçu utilisant cette dernière afin de créer un déni de service sur le système vulnérable.

Description

Une vulnérabilité a été identifiée dans les outils de sécurité d'ISS RealSecure/BlackICE. Ils analysent le protocole SMB/TCP afin de détecter des codes malveillants visant la vulnérabilité SMB Mailhost décrite dans l'avis Microsoft MS06-035. Cependant, la phase d'analyse n'est pas correctement effectuée, et du trafic pouvant être légitime cause une erreur dans le système affecté, ou provoque une perte de connexion nécessitant un redémarrage. Une personne malveillante peut également envoyer des paquets similaires afin de créer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs, prénommés XPU (XPU 24.40) par ISS (cf. section Documentation).

None
Impacted products
Vendor Product Description
N/A N/A ISS Proventia Desktop ;
N/A N/A ISS RealSecure Network Sensor 7.0 ;
N/A N/A ISS RealSecure Desktop;
N/A N/A ISS Proventia G Series ;
N/A N/A ISS Proventia A Series ;
N/A N/A ISS Proventia Server ;
N/A N/A ISS RealSecure Server Sensor 7.0.
N/A N/A ISS Proventia M Series ;
N/A N/A ISS BlackICE Server Protection 3.6 ;
N/A N/A ISS BlackICE PC Protection 3.6 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ISS Proventia Desktop ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS RealSecure Network Sensor 7.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS RealSecure Desktop;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS Proventia G Series ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS Proventia A Series ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS Proventia Server ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS RealSecure Server Sensor 7.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS Proventia M Series ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS BlackICE Server Protection 3.6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ISS BlackICE PC Protection 3.6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les outils de s\u00e9curit\u00e9 d\u0027ISS\nRealSecure/BlackICE. Ils analysent le protocole SMB/TCP afin de d\u00e9tecter\ndes codes malveillants visant la vuln\u00e9rabilit\u00e9 SMB Mailhost d\u00e9crite dans\nl\u0027avis Microsoft MS06-035. Cependant, la phase d\u0027analyse n\u0027est pas\ncorrectement effectu\u00e9e, et du trafic pouvant \u00eatre l\u00e9gitime cause une\nerreur dans le syst\u00e8me affect\u00e9, ou provoque une perte de connexion\nn\u00e9cessitant un red\u00e9marrage. Une personne malveillante peut \u00e9galement\nenvoyer des paquets similaires afin de cr\u00e9er un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs, pr\u00e9nomm\u00e9s XPU (XPU 24.40) par ISS (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3840"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-035 du 11 juillet 2006    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-035.mspx"
    },
    {
      "title": "Site de mise \u00e0 jour d\u0027ISS :",
      "url": "http://www.iss.net/download"
    },
    {
      "title": "Avis du CERTA CERTA-2006-AVI-283 correspondant au bulletin    Microsoft MS06-035 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-283/"
    },
    {
      "title": "Alerte de s\u00e9curit\u00e9 de ISS (Internet Security Systems) du 26    juillet 2006 :",
      "url": "http://xforce.iss.net/xforce/alerts/id/230"
    }
  ],
  "reference": "CERTA-2006-AVI-314",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-07-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les produits ISS\nRealSecure/BlackICE. Une personne malveillante peut envoyer un paquet\nsp\u00e9cialement con\u00e7u utilisant cette derni\u00e8re afin de cr\u00e9er un d\u00e9ni de\nservice sur le syst\u00e8me vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits ISS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 de ISS (Internet Security Systems) du 26 juillet 2006",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.