Software update: BlackICE 3.6.crh

Although IBM announced just over a year ago that it would stop selling BlackICE, a year after they acquired Internet Security Systems, we can still mention a new edition in the Meuktracker. The version designation of this firewall has arrived at 3.6.crh and has been expanded compared to the previous version with 6 events and 33 blocking responses. The new edition is available in two flavors as usual, namely BlackICE PC Protection and BlackICE Server Protection.

The package is a versatile firewall with full intrusion detection. Both the incoming and outgoing network flows are checked and if something is suspected that something is not right, the administrator is warned and the connection can be closed. The list of changes for this new version is as follows:

New Security Content:

• RTSP_MediaPlayer_Vulnerable_Client – Unauthorized Access Attempt – High
• HTTP_Application_Server_Stack_Bo – Unauthorized Access Attempt – High
• HTML_OneNote_URL_Code_Execution – Unauthorized Access Attempt – High
• Image_EMF_GDI_Code_Execution – Unauthorized Access Attempt – High
• Image_GIF_GDI_Parsing – Unauthorized Access Attempt – Low
• Image_BMP_Win_GDI_Bo – Unauthorized Access Attempt – High

Security Content Improvements

• Fixed a PAM Internal Error in evaluating DNS_Cache_Poison_Subdomain_Attack while processing a very specific pattern of repeated DNS Answers.
• Enhanced PAM’s parsing of AIM traffic when tunneled over HTTP to avoid a potential watchdog timeout condition in some corner cases of packet content, alignment, and fragmentation.
• Improved signature documentation for IRC_Join_Attempt.
• Improved signature documentation for HTTP_Kaneva_Client.
• Improved signature documentation for HTTP_IIS_ISAPI_Printer_Overflow.
• Improved signature documentation for HTTP_Oracle_WebLogic_Connector_BO.

Blocking was added for the following events:

• FTP_Append_Very_Long
• Subversion_Date_Parsing_BO
• HTTP_WhatsUpGold_Instance_Overflow
• RPC_Veritas_Registry_Access
• HTTP_Apache_Authentication_DoS
• JavaScript_CSS_Mem_Corruption_Vuln
• LDAP_eDirectory_MonitorEventsRequest_Fr
• LDAP_eDirectory_MonitorEventsRequest_Ov
• ARCserve_Backup_LGServer_Stack_Overflow
• XML_JNLP_Codebase_BO
• MS_WMP_Decompress_Overflow
• MSRPC_MSMQ_Path_BO
• HTML_Lenovo_AcpController_Code_Exec
• MSRPC_TrendMicro_SyncTask_BO
• MSRPC_TrendMicro_String_BO
• FTP_Virus_Suspicious_Zip
• HTML_Oracle_Jinitiator_Overflow
• HTML_FoxPro_ActiveX_Overflow
• Image_TIFF_Kodak_Img_Viewer_Code_Exec
• System_Heap_Overflow
• IPP_CUPS_Tag_Overflow
• QuickTime_VR_Panoramic_Sample_Overflow
• QuickTime_ColorTable_Overflow
• Script_BitDefender_Code_Execution
• Flash_Jpeg_Overflow
• HTML_RavWare_Mas_Flic_Overflow
• ASP_IIS_HTMLEncode
• HTML_SkyFex_Client_Overflow
• HTML_XUpload_ActiveX_Overflow
• Excel_File_Import_Code_Exec
• HTML_OneNote_URL_Code_Execution
• Image_EMF_GDI_Code_Execution
• Image_BMP_Win_GDI_Bo