I don't know about Windows
But I might think twice about reloading Black Ice or Real Secure, although the products in question have been patched since March 9:

"Description:

The Witty worm exploits a stack-based overflow in ICQ response parsing
in the Protocol Analysis Module (PAM) of ISS products. It is a memory-
resident worm only, and contains no file payload. Witty propagates via
UDP, sending UDP packets with a random destination and destination port.
The source port of Witty traffic is 4000, and the source address is not
spoofed.

The worm will attempt to propagate immediately by sending copies of
itself out across the wire to random targets. After sending a predefined
number of packets, Witty attempts to open a randomly determined physical
drive and write 64k of data to a random location. This cycle repeats for
every 20,000 packets sent.

Recommendations:

ISS Product updates that address this vulnerability have been available
since March 9, 2004. These updates are accessible via the ISS Download
Center."

Given that these are firewall products, they will by definition have very low-level system access. And they had a bug (the products, not the OS) that was exploitable. Since the product had low-level access, anything that could punch a hole in it could gain low-level access.
Posted by: pschroeder@...   Posted on: 03/21/04
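
As an added example, not part of the original post or of any ISS tooling, the traffic pattern in the quoted description (UDP from source port 4000 to random destinations and destination ports) can be turned into a flow-log check. The record layout, the fan-out threshold and the sample flows are assumptions constructed for illustration; replies to hosts that first contacted port 4000 are treated as solicited so that an ordinary service on that port is not flagged.

```python
from collections import defaultdict

WITTY_SRC_PORT = 4000  # source port stated in the quoted advisory
FANOUT_THRESHOLD = 5   # assumption: tune to the monitored network


def suspected_witty_sources(flows, threshold=FANOUT_THRESHOLD):
    """Map src_ip -> number of distinct unsolicited UDP targets hit from port 4000.

    flows: time-ordered (proto, src_ip, src_port, dst_ip, dst_port) tuples.
    """
    requested = set()           # (client_ip, client_port, server_ip) that asked port 4000
    targets = defaultdict(set)  # src_ip -> {(dst_ip, dst_port)} with no prior request
    for proto, src_ip, src_port, dst_ip, dst_port in flows:
        if proto != "udp":
            continue
        if dst_port == WITTY_SRC_PORT:
            requested.add((src_ip, src_port, dst_ip))
        # A reply is solicited only if that exact client endpoint asked first.
        if src_port == WITTY_SRC_PORT and (dst_ip, dst_port, src_ip) not in requested:
            targets[src_ip].add((dst_ip, dst_port))
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


def constructed_sample():
    """Constructed flow records using documentation address ranges."""
    flows = []
    # A service on UDP 4000 answering six clients: every reply is solicited.
    for i in range(1, 7):
        client = f"198.51.100.{i}"
        flows.append(("udp", client, 1024 + i, "192.0.2.10", 4000))
        flows.append(("udp", "192.0.2.10", 4000, client, 1024 + i))
    # A host sending from port 4000 to scattered addresses and ports, unasked.
    scattered = [("198.51.100.77", 2345), ("192.0.2.201", 51234),
                 ("203.0.113.90", 17), ("198.51.100.140", 40011),
                 ("192.0.2.33", 9876), ("203.0.113.12", 60002)]
    flows += [("udp", "203.0.113.7", 4000, ip, port) for ip, port in scattered]
    # Non-UDP traffic from the same port is ignored.
    flows.append(("tcp", "203.0.113.7", 4000, "192.0.2.10", 80))
    return flows


if __name__ == "__main__":
    for src, count in suspected_witty_sources(constructed_sample()).items():
        print(f"{src}: {count} unsolicited UDP targets from source port {WITTY_SRC_PORT}")
```

Because the advisory says the source address is not spoofed, the flagged address is the host to isolate and patch.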
