CVE
- Id
- 2138
- CVE No.
- CVE-2000-0562
- Status
- Candidate
- Description
- BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.
- Phase
- Proposed (20000712)
- Votes
- ACCEPT(3) Armstrong, Cole, Levy | MODIFY(2) Baker, Frech | NOOP(1) Ozancin | REVIEWING(1) Christey
- Comments
- Levy> What do others think? Should this be a vuln? I can see the argument | that some features are simply not available unless you use the maximum | security settings. | Christey> At the very least, this needs to be modified to state that | this problem/concern applies to high ports in general, not | just Back orifice. | | The Bugtraq poster claims that BlackICE "shuts down" the port, | but only *after* some initial traffic "leaks" out. This may | be by design, but it does mean that there is a small window | of opportunity in which BlackICE may not work "as | advertised," even at lower security settings. | Christey> XF:blackice-security-level-nervous | BID:1389 | Frech> XF:blackice-security-level-nervous(4777) | CHANGE> [Levy changed vote from REVIEWING to ACCEPT] | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Baker> I accept it more as a security exposure, than a real vulnerability. | It performs just as any other "firewall" or IDS product can be configured to | allow traffic without notifying the user. You can adjust settings on | any product that allow traffic that other people or organizations would | find unacceptable. So, as long as it is reflected that this is more of | a configuration that allows such traffic as opposed to a defective | or improperly functioning software issue, I don"t have a problem with | it.
