CVE-2004-0193
Summary
| CVE | CVE-2004-0193 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-03-15 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Iss | Blackice Agent Server | 3.6eca | All | All | All |
| Application | Iss | Blackice Pc Protection | 3.6cbd | All | All | All |
| Application | Iss | Blackice Server Protection | 3.6cbz | All | All | All |
| Hardware | Iss | Proventia A Series Xpu | 20.15 | All | All | All |
| Hardware | Iss | Proventia G Series Xpu | 22.3 | All | All | All |
| Hardware | Iss | Proventia M Series Xpu | 1.30 | All | All | All |
| Application | Iss | Realsecure Desktop | 3.6eca | All | All | All |
| Application | Iss | Realsecure Desktop | 3.6ecf | All | All | All |
| Application | Iss | Realsecure Desktop | 7.0ebg | All | All | All |
| Application | Iss | Realsecure Desktop | 7.0epk | All | All | All |
| Application | Iss | Realsecure Guard | 3.6ecb | All | All | All |
| Application | Iss | Realsecure Network | 7.0 | xpu_20.15 | All | All |
| Application | Iss | Realsecure Sentry | 3.6ecf | All | All | All |
| Application | Iss | Realsecure Server Sensor | 7.0 | xpu20.16 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Internet Security Systems - | af854a3a-2127-422b-91ae-364da2661108 | xforce.iss.net | Patch, Vendor Advisory |
| eEye Digital Security - Vulnerability Management Solutions | af854a3a-2127-422b-91ae-364da2661108 | www.eeye.com | |
| Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| www.osvdb.org/4072 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| US-CERT Vulnerability Note VU#150326 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Patch, Third Party Advisory, US Government Resource |
| eEye Digital Security - Vulnerability Management Solutions | af854a3a-2127-422b-91ae-364da2661108 | www.eeye.com | Vendor Advisory |
| Secunia - Advisories - ISS Multiple Products SMB Packet Handling Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| 'EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.