Bugtraq mailing list archives
Re: Vulnerability in Black ICE Defender
From: Swift Griggs <ssgriggs () xexil com>
Date: Tue, 5 Feb 2002 01:50:45 -0600 (CST)
On Mon, 4 Feb 2002, advisories wrote:
> I verified this vulnerability in BlackICE Defender 2.9.can as well. The current version of BlackICE Defender (2.9.caq and 2.9.cap) running on a Windows 2000 machine can be remotely crashed using a very basic ping flood.
During a product demo around June of 2000 (as best I recall) I was able to crash Black Ice Defender on NT4 with Mixter's "targa3" (and I might have been using some of the other "targa" tools). It may be somewhat hard to reproduce though, since targa3 uses a pseudo-random, contrived packet generator. I believe the machine was also running some kind of analysis tool called "Ice Cap" which they claimed (at the time) would be used to send relevant security related data back to some kind of central repository. We also noticed that the machine would start consuming 98%-99% of the CPU shortly before it BSoD'd, but perhaps 100Mb Ethernet and my fast machine could explain the high utilization.

Unfortunately, I don't know the version they were running, and thus I don't know if this problem still exists. However, it seems relevant in light of these recent posts. Also, I think (again reaching from memory) their software works with NDIS, so it might be useful to know what NDIS driver the target boxes were using. Just a thought.

-- Swift