[24104] in bugtraq
Re: Vulnerability in Black ICE Defender
daemon@ATHENA.MIT.EDU (advisories)
Mon Feb 4 19:54:26 2002
Date: Mon, 4 Feb 2002 18:29:14 -0500
Message-Id: <200202041829.AA145752332@nocmail3.itxc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "advisories " <advisories@itxc.net>
Reply-To: <advisories@itxc.net>
To: <bugtraq@securityfocus.com>, "Matt Taylor" <quisit@quest.net>
I verified this vulnerability in BlackICE Defender 2.9.can as well.
---------- Original Message ----------------------------------
From: "Matt Taylor" <quisit@quest.net>
Date: Sun, 3 Feb 2002 22:26:50 -0600
>The current version of BlackICE Defender (2.9.caq and 2.9.cap) running on a
>Windows 2000 machine can be remotely crashed using a very basic ping flood.
>This has been tested with Divine Intervention 2 & 3, Sisoft Sandra Network
>(LAN) benchmark.
>Setting the packet size to about 10,000 bytes causes a Blue Screen of Death
>(or immediate system reboot). After extensive correspondence with ISS
>support they basically told me they'd "look into it." They have not
>responded since 12/21/01 and their newest patch 2.9.caq (released after)
>does not address this issue. More details available if requested.
>
>Matt Taylor
>
>
