CVE-2004-0193

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.eeye.com/html/Research/Upcoming/20040213.html	Vendor Advisory
http://xforce.iss.net/xforce/alerts/id/165	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/150326	Patch Third Party Advisory US Government Resource
http://www.eeye.com/html/Research/Advisories/AD20040226.html
http://www.securityfocus.com/bid/9752
http://www.osvdb.org/4072
http://secunia.com/advisories/10988
http://marc.info/?l=bugtraq&m=107789851117176&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15207

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iss:blackice_agent_server:3.6eca:::::::*
	cpe:2.3:a:iss:realsecure_guard:3.6ecb:::::::*
	cpe:2.3:a:iss:realsecure_network:7.0:xpu_20.15::::::
	cpe:2.3:a:iss:realsecure_sentry:3.6ecf:::::::*
	cpe:2.3:a:iss:realsecure_desktop:3.6eca:::::::*
	cpe:2.3:a:iss:realsecure_desktop:3.6ecf:::::::*
	cpe:2.3:a:iss:realsecure_desktop:7.0ebg:::::::*
	cpe:2.3:a:iss:realsecure_desktop:7.0epk:::::::*
	cpe:2.3:a:iss:blackice_pc_protection:3.6cbd:::::::*
	cpe:2.3:a:iss:blackice_server_protection:3.6cbz:::::::*
	cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.16::::::

Configuration 2 (hide)

OR	cpe:2.3:h:iss:proventia_a_series_xpu:20.15:::::::*
	cpe:2.3:h:iss:proventia_g_series_xpu:22.3:::::::*
	cpe:2.3:h:iss:proventia_m_series_xpu:1.30:::::::*

Information

Published : 2004-03-14 21:00

Updated : 2017-10-09 18:30

NVD link : CVE-2004-0193

Mitre link : CVE-2004-0193

JSON object : View

CWE

NVD-CWE-Other

Products Affected

iss

realsecure_sentry
realsecure_guard
realsecure_server_sensor
proventia_g_series_xpu
proventia_m_series_xpu
blackice_agent_server
blackice_pc_protection
realsecure_desktop
realsecure_network
blackice_server_protection
proventia_a_series_xpu

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.eeye.com/html/Research/Upcoming/20040213.html", "name": "http://www.eeye.com/html/Research/Upcoming/20040213.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://xforce.iss.net/xforce/alerts/id/165", "name": "20040226 Vulnerability in SMB Parsing in ISS Products", "tags": ["Patch", "Vendor Advisory"], "refsource": "ISS"}, {"url": "http://www.kb.cert.org/vuls/id/150326", "name": "VU#150326", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.eeye.com/html/Research/Advisories/AD20040226.html", "name": "AD20040226", "tags": [], "refsource": "EEYE"}, {"url": "http://www.securityfocus.com/bid/9752", "name": "9752", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/4072", "name": "4072", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/10988", "name": "10988", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=107789851117176&w=2", "name": "20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15207", "name": "pam-smb-protocol-bo(15207)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0193", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-03-15T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:iss:blackice_agent_server:3.6eca:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_guard:3.6ecb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_network:7.0:xpu_20.15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_sentry:3.6ecf:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_desktop:3.6eca:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_desktop:3.6ecf:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_desktop:7.0ebg:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_desktop:7.0epk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:blackice_pc_protection:3.6cbd:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:blackice_server_protection:3.6cbz:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:iss:proventia_a_series_xpu:20.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:iss:proventia_g_series_xpu:22.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:iss:proventia_m_series_xpu:1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:30Z"}

7.5 /10