CVE-2004-1714
First published: Wed Aug 11 2004(Updated: )
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM ISS BlackICE PC Protection | =3.6cbd | |
| IBM ISS BlackICE PC Protection | =3.6cbr | |
| IBM ISS BlackICE PC Protection | =3.6cbz | |
| IBM ISS BlackICE PC Protection | =3.6cca | |
| IBM ISS BlackICE PC Protection | =3.6ccb | |
| IBM ISS BlackICE PC Protection | =3.6ccc | |
| IBM ISS BlackICE PC Protection | =3.6ccd | |
| IBM ISS BlackICE PC Protection | =3.6cce | |
| IBM ISS BlackICE PC Protection | =3.6ccf | |
| IBM ISS BlackICE PC Protection | =3.6ccg | |
| ISS BlackICE Server Protection | =3.5cdf | |
| ISS BlackICE Server Protection | =3.6cbz | |
| ISS BlackICE Server Protection | =3.6cca | |
| ISS BlackICE Server Protection | =3.6ccb | |
| ISS BlackICE Server Protection | =3.6ccc | |
| ISS BlackICE Server Protection | =3.6ccd | |
| ISS BlackICE Server Protection | =3.6cce | |
| ISS BlackICE Server Protection | =3.6ccf | |
| ISS BlackICE Server Protection | =3.6ccg | |
| ISS BlackICE Server Protection | =3.6cch | |
| ISS BlackICE Server Protection | =3.6cno |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1714?
The severity of CVE-2004-1714 is considered moderate due to the potential for local users to crash the system or modify critical configuration files.
How do I fix CVE-2004-1714?
To fix CVE-2004-1714, modify the permissions of the affected configuration files to restrict access from non-administrative users.
Which software is affected by CVE-2004-1714?
CVE-2004-1714 affects ISS BlackICE PC Protection and Server Protection versions 3.6ccf, 3.6ccb, 3.6ccg, among others.
What type of vulnerability is CVE-2004-1714?
CVE-2004-1714 is a local security vulnerability that allows unauthorized modification and potential denial of service.
Can CVE-2004-1714 be exploited remotely?
CVE-2004-1714 cannot be exploited remotely as it requires local access by a user to the affected system.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-historical
- vendor/iss
- canonical/ibm iss blackice pc protection
- version/ibm iss blackice pc protection/3.6cbd
- version/ibm iss blackice pc protection/3.6cbr
- version/ibm iss blackice pc protection/3.6cbz
- version/ibm iss blackice pc protection/3.6cca
- version/ibm iss blackice pc protection/3.6ccb
- version/ibm iss blackice pc protection/3.6ccc
- version/ibm iss blackice pc protection/3.6ccd
- version/ibm iss blackice pc protection/3.6cce
- version/ibm iss blackice pc protection/3.6ccf
- version/ibm iss blackice pc protection/3.6ccg
- canonical/iss blackice server protection
- version/iss blackice server protection/3.5cdf
- version/iss blackice server protection/3.6cbz
- version/iss blackice server protection/3.6cca
- version/iss blackice server protection/3.6ccb
- version/iss blackice server protection/3.6ccc
- version/iss blackice server protection/3.6ccd
- version/iss blackice server protection/3.6cce
- version/iss blackice server protection/3.6ccf
- version/iss blackice server protection/3.6ccg
- version/iss blackice server protection/3.6cch
- version/iss blackice server protection/3.6cno