Lucene search

[email protected]CVE-2004-0193

HistorySep 01, 2004 - 4:00 a.m.

CVE-2004-0193

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0193

buffer overflow

iss protocol analysis module

realsecure

proventia

smb packet

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.244 Low

EPSS

Percentile

96.7%

JSON

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Affected configurations

NVD

Node

issblackice_agent_serverMatch3.6eca

issblackice_pc_protectionMatch3.6cbd

issblackice_server_protectionMatch3.6cbz

issrealsecure_desktopMatch3.6eca

issrealsecure_desktopMatch3.6ecf

issrealsecure_desktopMatch7.0ebg

issrealsecure_desktopMatch7.0epk

issrealsecure_guardMatch3.6ecb

issrealsecure_networkMatch7.0xpu_20.15

issrealsecure_sentryMatch3.6ecf

issrealsecure_server_sensorMatch7.0xpu20.16

Node

issproventia_a_series_xpuMatch20.15

issproventia_g_series_xpuMatch22.3

issproventia_m_series_xpuMatch1.30

CPENameOperatorVersion
iss:blackice_agent_serveriss blackice agent servereq3.6eca
iss:blackice_pc_protectioniss blackice pc protectioneq3.6cbd
iss:blackice_server_protectioniss blackice server protectioneq3.6cbz
iss:realsecure_desktopiss realsecure desktopeq3.6eca
iss:realsecure_desktopiss realsecure desktopeq3.6ecf
iss:realsecure_desktopiss realsecure desktopeq7.0ebg
iss:realsecure_desktopiss realsecure desktopeq7.0epk
iss:realsecure_guardiss realsecure guardeq3.6ecb
iss:realsecure_networkiss realsecure networkeq7.0
iss:realsecure_sentryiss realsecure sentryeq3.6ecf

CPE	Name	Operator	Version
iss:blackice_agent_server	iss blackice agent server	eq	3.6eca
iss:blackice_pc_protection	iss blackice pc protection	eq	3.6cbd
iss:blackice_server_protection	iss blackice server protection	eq	3.6cbz
iss:realsecure_desktop	iss realsecure desktop	eq	3.6eca
iss:realsecure_desktop	iss realsecure desktop	eq	3.6ecf
iss:realsecure_desktop	iss realsecure desktop	eq	7.0ebg
iss:realsecure_desktop	iss realsecure desktop	eq	7.0epk
iss:realsecure_guard	iss realsecure guard	eq	3.6ecb
iss:realsecure_network	iss realsecure network	eq	7.0
iss:realsecure_sentry	iss realsecure sentry	eq	3.6ecf

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=107789851117176&w=2

secunia.com/advisories/10988

www.eeye.com/html/Research/Advisories/AD20040226.html

www.eeye.com/html/Research/Upcoming/20040213.html

www.kb.cert.org/vuls/id/150326

www.osvdb.org/4072

www.securityfocus.com/bid/9752

xforce.iss.net/xforce/alerts/id/165

exchange.xforce.ibmcloud.com/vulnerabilities/15207

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.244 Low

EPSS

Percentile

96.7%

JSON

Related for CVE-2004-0193

cvelist1 nvd1 nessus1