Title: Internet Security Systems BlackICE High UDP Port Block Delay Vulnerability
Severity: HIGH
Description:
NetworkICE BlackICE Defender and Agent do not block incoming UDP traffic to ports above 1021 when configured with the Trusting, Caution, or Nervous setting. Back Orifice 1.2 uses a high UDP port by default, so any command issued by a Back Orifice client can reach the host without being blocked by BlackICE. The infected machine's reply is what triggers IP address blocking by BlackICE, which leaves a small time gap between the first Back Orifice command and the moment BlackICE blocks the offending IP address. The number of Back Orifice commands that can bypass BlackICE depends on the speed at which the remote user can execute them (the commands can be easily automated with scripts to increase the speed or can be launched from different IP addresses). BlackICE may be vulnerable to other malicious attacks originating from UDP-based programs.
Please note that Internet Security Systems now maintains BlackICE Defender.
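The blocking delay described above can be quantified from a packet log. The following is an added example, not part of the original advisory and not BlackICE code; the log record layout, the event names PKT_IN and BLOCK, the port 40000 and the sample lines are all constructed for illustration.

```python
from collections import defaultdict

HIGH_PORT_FLOOR = 1021  # per the advisory, UDP ports above 1021 are not blocked

# Constructed sample log (not a BlackICE format):
#   "<seconds> <event> <src_ip> <proto> <dst_port>"
# PKT_IN = datagram observed inbound, BLOCK = source IP added to the block list.
SAMPLE_LOG = """\
10.000 PKT_IN 192.0.2.10 udp 40000
10.050 PKT_IN 192.0.2.10 udp 40000
10.120 PKT_IN 192.0.2.10 udp 40000
10.200 BLOCK 192.0.2.10 - -
10.250 PKT_IN 192.0.2.10 udp 40000
11.000 PKT_IN 198.51.100.7 udp 40000
11.400 BLOCK 198.51.100.7 - -
12.000 PKT_IN 203.0.113.5 udp 53
12.500 PKT_IN 203.0.113.9 tcp 40000
13.000 PKT_IN 203.0.113.20 udp 40000
"""

def exposure_windows(log_text):
    """Per source IP: high-port UDP datagrams seen before the block, and the
    seconds from the first one to the block (None if the source was never blocked)."""
    first_seen, passed, blocked_at = {}, defaultdict(int), {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, src, proto, port = line.split()
        ts = float(ts)
        if event == "BLOCK":
            blocked_at.setdefault(src, ts)
        elif event == "PKT_IN" and proto == "udp" and int(port) > HIGH_PORT_FLOOR:
            if src in blocked_at:
                continue  # arrived after the block took effect
            first_seen.setdefault(src, ts)
            passed[src] += 1
    return {src: {"passed": passed[src],
                  "window_s": (round(blocked_at[src] - first_seen[src], 3)
                               if src in blocked_at else None)}
            for src in first_seen}

def total_passed(windows):
    """Datagrams that got through across all sources (the multi-address case)."""
    return sum(w["passed"] for w in windows.values())

if __name__ == "__main__":
    report = exposure_windows(SAMPLE_LOG)
    for src, w in sorted(report.items()):
        print(src, w)
    print("total datagrams delivered before blocking:", total_passed(report))
```

A non-zero `passed` count for a source that was later blocked is the exposure the advisory describes; a `window_s` of `None` marks a source that was never blocked at all.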
Affected Products:
- Internet Security Systems BlackICE Defender 2.1.0
- Internet Security Systems BlackICE Agent 2.0.23