CVE-2004-0193
Summary
| CVE | CVE-2004-0193 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-03-15 05:00:00 UTC |
| Updated | 2017-10-10 01:30:00 UTC |
| Description | Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Iss | Blackice Agent Server | 3.6eca | All | All | All |
| Application | Iss | Blackice Agent Server | 3.6eca | All | All | All |
| Application | Iss | Blackice Pc Protection | 3.6cbd | All | All | All |
| Application | Iss | Blackice Pc Protection | 3.6cbd | All | All | All |
| Application | Iss | Blackice Server Protection | 3.6cbz | All | All | All |
| Application | Iss | Blackice Server Protection | 3.6cbz | All | All | All |
| Hardware | Iss | Proventia A Series Xpu | 20.15 | All | All | All |
| Hardware | Iss | Proventia A Series Xpu | 20.15 | All | All | All |
| Hardware | Iss | Proventia G Series Xpu | 22.3 | All | All | All |
| Hardware | Iss | Proventia G Series Xpu | 22.3 | All | All | All |
| Hardware | Iss | Proventia M Series Xpu | 1.30 | All | All | All |
| Hardware | Iss | Proventia M Series Xpu | 1.30 | All | All | All |
| Application | Iss | Realsecure Desktop | 3.6eca | All | All | All |
| Application | Iss | Realsecure Desktop | 3.6ecf | All | All | All |
| Application | Iss | Realsecure Desktop | 7.0ebg | All | All | All |
| Application | Iss | Realsecure Desktop | 7.0epk | All | All | All |
| Application | Iss | Realsecure Desktop | 3.6eca | All | All | All |
| Application | Iss | Realsecure Desktop | 3.6ecf | All | All | All |
| Application | Iss | Realsecure Desktop | 7.0ebg | All | All | All |
| Application | Iss | Realsecure Desktop | 7.0epk | All | All | All |
| Application | Iss | Realsecure Guard | 3.6ecb | All | All | All |
| Application | Iss | Realsecure Guard | 3.6ecb | All | All | All |
| Application | Iss | Realsecure Network | 7.0 | xpu_20.15 | All | All |
| Application | Iss | Realsecure Network | 7.0 | xpu_20.15 | All | All |
| Application | Iss | Realsecure Sentry | 3.6ecf | All | All | All |
| Application | Iss | Realsecure Sentry | 3.6ecf | All | All | All |
| Application | Iss | Realsecure Server Sensor | 7.0 | xpu20.16 | All | All |
| Application | Iss | Realsecure Server Sensor | 7.0 | xpu20.16 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| 4072 | OSVDB | www.osvdb.org | |
| US-CERT Vulnerability Note VU#150326 | CERT-VN | www.kb.cert.org | Patch, Third Party Advisory, US Government Resource |
| Internet Security Systems - | ISS | xforce.iss.net | Patch, Vendor Advisory |
| eEye Digital Security - Vulnerability Management Solutions | MISC | www.eeye.com | Vendor Advisory |
| Secunia - Advisories - ISS Multiple Products SMB Packet Handling Buffer Overflow Vulnerability | SECUNIA | secunia.com | |
| eEye Digital Security - Vulnerability Management Solutions | EEYE | www.eeye.com | |
| Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability | BID | www.securityfocus.com | |
| 'EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow' - MARC | BUGTRAQ | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.