CHAT: ISS BlackIce ICQ Decoder META_USER Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the ICQ decoder on ISS BlackIce network devices. Attackers can remotely execute arbitrary code.

Extended Description

It has been reported that the Internet Security Systems (ISS) Protocol Analysis Module is prone to a remote buffer overflow vulnerability when parsing the ICQ protocol. This issue exists due to insufficient bounds checking performed on certain unspecified ICQ protocol fields supplied in ICQ response data. Successful exploitation of this issue may allow a remote attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. This attack would occur in the context of the vulnerable process. This module is used to parse network protocols and is included in a number of products provided by ISS, including various RealSecure and BlackICE releases.

Affected Products

IBM proventia_g_series, IBM realsecure_server_sensor

Short Name: CHAT:ICQ:ISS-BLACKICE-OF
Severity: Critical
Recommended: False
Recommended Action: Drop
Category: CHAT
Keywords: BlackIce Buffer CVE-2004-0362 Decoder ICQ ISS META_USER Overflow bid:9913
Release Date: 03/25/2004
Supported Platforms: srx-branch-19.3, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vsrx-19.2, srx-19.3, srx-branch-12.3, mx-12.3, mx-19.4, vmx-19.4, mx-19.3, vsrx-12.3, vmx-19.3, srx-12.3
Sigpack Version: 3398
Port: UDP/0-52,54-66,70-122,124,136,140-160,163-388,390-635,637-65535
False Positive: Unknown
Vendors: IBM
CVSS Score: 7.5
