• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20000711 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000712)
Votes (Legacy)
ACCEPT(3) Armstrong, Cole, Levy
MODIFY(2) Baker, Frech
NOOP(1) Ozancin
REVIEWING(1) Christey
Comments (Legacy)
 Levy> What do others think? Should this be a vuln? I can see the argument
   that some features are simply not available unless you use the maximum
   security settings.
 Christey> At the very least, this needs to be modified to state that
   this problem/concern applies to high ports in general, not
   just Back orifice.
   The Bugtraq poster claims that BlackICE "shuts down" the port, 
   but only *after* some initial traffic "leaks" out.  This may
   be by design, but it does mean that there is a small window
   of opportunity in which BlackICE may not work "as
   advertised," even at lower security settings.
 Christey> XF:blackice-security-level-nervous
 Frech> XF:blackice-security-level-nervous(4777)
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]
 CHANGE> [Christey changed vote from NOOP to REVIEWING]
 Baker> I accept it more as a security exposure, than a real vulnerability.
   It performs just as any other "firewall" or IDS product can be configured to
   allow traffic without notifying the user. You can adjust settings on
   any product that allow traffic that other people or organizations would
   find unacceptable.  So, as long as it is reflected that this is more of
   a configuration that allows such traffic as opposed to a defective
   or improperly functioning software issue, I don't have a problem with

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.