Secunia

eEye Digital Security has discovered a vulnerability in multiple ISS products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the ISS Protocol Analysis Module (PAM) component when re-assembling an analysed SMB (Server Message Block) packet.

This can be exploited to cause a heap overflow by sending a specially crafted "SMB Session Setup AndX request" SMB packet containing an overly long value (about 300 bytes) in the "AccountName" field.

Successful exploitation may allow execution of arbitrary code with SYSTEM privileges.

The vulnerability reportedly affects the following products:
* Proventia A Series XPU 20.15 through 22.9
* Proventia G Series XPU 22.3 through 22.9
* Proventia M Series XPU 1.3 through 1.7
* BlackICE PC Protection 3.6 cbr through ccb
* BlackICE Server Protection 3.6 cbr through ccb
* RealSecure Network 7.0, XPU 20.15 through 22.9
* RealSecure Server Sensor 7.0 XPU 20.16 through 22.9
* RealSecure Desktop 7.0 eba through ebh
* RealSecure Desktop 3.6 ebr through ecb
* RealSecure Guard 3.6 ebr through ecb
* RealSecure Sentry 3.6 ebr through ecb

Solution
The vendor has issued patches.
Further details available in Customer Area

Provided and/or discovered by
Barnaby Jack, eEye Digital Security.

Original Advisory
ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/165

eEye Digital Security:
http://www.eeye.com/html/Research/Advisories/AD20040226.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area