
Multiple Flaws in Fate Research Labs RealSecure Product Analysis
November 6, 2000

Internet Security Systems, Inc. Response to "RealSecure Advisory - Fate
Research Labs (11-01-00)"

Synopsis:

Fate Research Labs released a recent product analysis posted to the BugTraq
mailing list describing three perceived issues in the RealSecure product.
ISS believes that all of these issues were reported in error.

Description:

The message incorrectly states that ISS RealSecure does not support
user-defined signatures.  ISS RealSecure has supported user-defined
signatures since version 3.1, released in June 1999.  ISS X-Force has
released numerous security advisories and alerts that contain user-defined
signatures.

Their analysis incorrectly claims that ISS RealSecure does not detect the
very common IIS/RDS security vulnerability discovered by "Rain Forest
Puppy". ISS X-Force released a security alert with a description of this
vulnerability and a user-defined signature for detection of this
vulnerability on August 9, 1999.

On a related note, the message incorrectly claims that ISS RealSecure does
not contain detection support for the much-publicized IIS Unicode
vulnerability affecting IIS versions 4 and 5.  ISS X-Force released a
security alert describing this vulnerability on October 26, 2000.  This
X-Force alert also contains a user-defined signature to detect this
vulnerability.
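The alerts cited below contain ISS's actual user-defined signatures, which this
response does not reproduce. As an added illustration (not ISS's signature and
not code from this advisory), the following Python check shows what a
detection rule for the IIS Unicode issue has to look for: request paths whose
percent-encoded bytes form an overlong UTF-8 sequence that a lenient decoder
turns into a path separator. The sample request lines and all function names
are constructed for this example.

```python
"""Flag overlong UTF-8 ("Unicode") path encodings in web request lines.

Added example for this response; it is not ISS's user-defined signature.
A non-validating UTF-8 decoder maps an overlong sequence such as C0 AF to
'/', which lets ".." traversal slip past a filter that only looks for the
literal characters. A detector therefore has to inspect the decoded bytes.
"""
from urllib.parse import unquote_to_bytes

# Constructed sample access-log request lines (not real traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /scripts/..%c0%af../private/file.txt HTTP/1.0",
    "GET /images/caf%c3%a9.png HTTP/1.0",          # legitimate UTF-8, not overlong
    "GET /scripts/..%c1%9c../config HTTP/1.0",
    "GET /cgi/..%e0%80%af..%e0%80%afetc HTTP/1.0",
]


def overlong_sequences(raw: bytes):
    """Return (offset, bytes) for each overlong UTF-8 sequence in raw.

    A 2-byte sequence led by 0xC0/0xC1 always encodes a code point below
    0x80; a 3-byte sequence led by 0xE0 with a second byte below 0xA0
    encodes a code point below 0x800. Both are forbidden by the UTF-8 spec.
    """
    findings = []
    i, n = 0, len(raw)
    while i < n:
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < n and 0x80 <= raw[i + 1] <= 0xBF:
            findings.append((i, raw[i:i + 2]))
            i += 2
        elif (b == 0xE0 and i + 2 < n
              and 0x80 <= raw[i + 1] <= 0x9F and 0x80 <= raw[i + 2] <= 0xBF):
            findings.append((i, raw[i:i + 3]))
            i += 3
        else:
            i += 1
    return findings


def lenient_decode(seq: bytes) -> int:
    """Decode a 2- or 3-byte sequence the way a non-validating decoder would."""
    if len(seq) == 2:
        return ((seq[0] & 0x1F) << 6) | (seq[1] & 0x3F)
    return ((seq[0] & 0x0F) << 12) | ((seq[1] & 0x3F) << 6) | (seq[2] & 0x3F)


def inspect_request(line: str) -> dict:
    """Inspect one request line and report overlong sequences and traversal."""
    parts = line.split()
    path = parts[1] if len(parts) >= 2 else line
    raw = unquote_to_bytes(path)                 # undo %xx encoding to raw bytes
    seqs = overlong_sequences(raw)
    decoded = [chr(lenient_decode(s)) for _, s in seqs]
    # Traversal is flagged when an overlong sequence decodes to a separator
    # and the path also carries a ".." component.
    traversal = any(c in "/\\" for c in decoded) and b".." in raw
    return {"path": path, "overlong": len(seqs), "decoded": decoded,
            "traversal": traversal}


def scan(lines):
    """Return the paths of all request lines that look like Unicode traversal."""
    return [r["path"] for r in map(inspect_request, lines) if r["traversal"]]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(inspect_request(req))
    print("flagged:", scan(SAMPLE_REQUESTS))
```

The check deliberately keys on the decoded byte value rather than on a fixed
string such as `%c0%af`, so the other overlong spellings of `/` and `\` (for
example `%c1%9c` or the 3-byte `%e0%80%af`) are caught by the same rule; a
properly encoded non-ASCII path such as the `caf%c3%a9.png` sample is not
flagged.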

The last portion of the message states that it is possible to detect the
RealSecure engine by looking for a listening TCP port 2998.  The TCP port
used for RealSecure console communications is user definable to any TCP
port. In addition, ISS recommends that all RealSecure customers configure
RealSecure consoles in "stealth mode," which prevents RealSecure detection.

For over a year, Internet Security Systems has released new detection
capabilities through X-Press Updates for the ISS SAFEsuite family of products.

Recommendations:

ISS X-Force recommends that all RealSecure customers configure the
user-defined signatures as described in the advisories below.

ISS X-Force was not contacted by Fate Research Labs to review their product
analysis prior to posting to BugTraq. Please report all ISS security-related
issues to [EMAIL PROTECTED]

References:

User-defined signature for RDS hole, August 9, 1999: 
http://xforce.iss.net/alerts/advise32.php

User-defined signature for Unicode hole, October 26, 2000:
http://xforce.iss.net/alerts/advise68.php

---------
Copyright (c) 2000 by Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert
electronically. It is not to be edited in any way without express
consent of the X-Force. If you wish to reprint the whole or any part of this
Alert in any other medium excluding electronic medium, please e-mail
[EMAIL PROTECTED] for permission.

Disclaimer

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as
on MIT's PGP key server and PGP.com's key server.
