BlackIce Agent - Firewall defect found

Discussion in 'other firewalls' started by spy1, Jun 6, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Title: BlackICE Agent not Firewalling After Standby

    BUG-ID: 2002019                            
    Released: 06th Jun 2002
    --------------------------------------------------------------------

    Problem:
    ========
    In a default installation, The BlackICE Agent might not reactivate
    when the host returns from standby. This could allow a malicious
    user to bypass the firewall completely.



    Vulnerable:
    ===========
    - BlackICE Agent 3.1 eal on Windows 2000 laptop

    Not Vulnerable:
    ===============
    - BlackICE Agent 3.1 ebh on Windows 2000 laptop


    Details:
    ========
    The BlackICE Agent setup contains the parameter
    "restart.whenSuspend", which should be enabled by default. This,
    however, is not always the case, and as a result the firewall
    might not reactivate after a system standby. The BlackICE Agent
    would still give all the appearences of being active, but the
    filter function would not be in effect, and network communication
    would be possible to the same extent as if the software wasn't
    installed.


    Vendor URL:
    ===========
    You can visit the vendor webpage here: http://www.iss.net


    Vendor response:
    ================
    The vendor was notified on the 15th of March, 2002. The issue was
    assigned case number 526997. On the 18th of March, we received a
    workaround that seemingly solved the issue. On the 6th of June, 2002
    the vendor informed us that the issue had been corrected in the
    latest build.


    Corrective action:
    ==================
    Upgrade to BlackICE Agent V3.1 EBH, available through:
    https://bvlive01.iss.net/issEn/DLC/login.jhtml



    Author: Andreas Sandor (asandor@kpmg.dk)
     
  2. Raygun

    Raygun Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    31
    Location:
    The Beach!
    Is it safe to say that if you do not go into hybernation then this problem would never occur?
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Welcome to the forum, Raygun!

    That's a possibility, but the safest thing to do would be to update to the latest version, which, if I'm reading that correctly, solves the problem. HTH Pete
     
  4. Raygun

    Raygun Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    31
    Location:
    The Beach!
    Here is something interesting. Did you write down the correct Version number? Reason I ask is that I checked and I already have version 3.5 It's also the current version availible at ISS. I figure this information must have just been a bit old and I had the newer version already. Unless you misstyped the version...

    by the way, I'm talking about a month or more that I've been running 3.5 !
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Raygun,

    Checked the version number we have received from ISS; at the moment, seems v3.5 vbq is the latest version. Nevertheless, an "upgrade warning" for those using this software seems not that bad at all! ;)

    regards.

    paul
     
  6. Raygun

    Raygun Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    31
    Location:
    The Beach!
    Ok, cool. Thanks.

    Yes it's never bad to check for updates, I did go check it out and would do so anytime I hear that something might be up. Thanks for the heads up, always better to check then let a defect hang around..
     
Loading...
Thread Status:
Not open for further replies.