Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1714

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-1714
Last Modified 05 Sep 2008 04:42:09
Published 11 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1714

Summary

BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.

Vulnerable Systems

Application

  • Iss Blackice Pc Protection 3.6cbd

  • Iss Blackice Pc Protection 3.6cbr

  • Iss Blackice Pc Protection 3.6cbz

  • Iss Blackice Pc Protection 3.6cca

  • Iss Blackice Pc Protection 3.6ccb

  • Iss Blackice Pc Protection 3.6ccc

  • Iss Blackice Pc Protection 3.6ccd

  • Iss Blackice Pc Protection 3.6cce

  • Iss Blackice Pc Protection 3.6ccf

  • Iss Blackice Pc Protection 3.6ccg

  • Iss Blackice Server Protection 3.5cdf

  • Iss Blackice Server Protection 3.6cbz

  • Iss Blackice Server Protection 3.6cca

  • Iss Blackice Server Protection 3.6ccb

  • Iss Blackice Server Protection 3.6ccc

  • Iss Blackice Server Protection 3.6ccd

  • Iss Blackice Server Protection 3.6cce

  • Iss Blackice Server Protection 3.6ccf

  • Iss Blackice Server Protection 3.6ccg

  • Iss Blackice Server Protection 3.6cch

  • Iss Blackice Server Protection 3.6cno


References

BUGTRAQ - 20040811 BlackICE unprivileged local user attack

FULLDISC - 20040811 ISS BlackIce Server Protect Unprivileged User Attack

XF - blackice-firewall-dos(16959)

BID - 10915


Last Updated: 27 May 2016 10:39:09