Vulnerability Description
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iss | Blackice Agent Server | 3.6eca |
| Iss | Blackice Pc Protection | 3.6cbd |
| Iss | Blackice Server Protection | 3.6cbz |
| Iss | Realsecure Desktop | 3.6eca |
| Iss | Realsecure Guard | 3.6ecb |
| Iss | Realsecure Network | 7.0 |
| Iss | Realsecure Sentry | 3.6ecf |
| Iss | Realsecure Server Sensor | 7.0 |
| Iss | Proventia A Series Xpu | 20.15 |
| Iss | Proventia G Series Xpu | 22.3 |
| Iss | Proventia M Series Xpu | 1.30 |
References
- http://marc.info/?l=bugtraq&m=107789851117176&w=2
- http://secunia.com/advisories/10988
- http://www.eeye.com/html/Research/Advisories/AD20040226.html
- http://www.eeye.com/html/Research/Upcoming/20040213.htmlVendor Advisory
- http://www.kb.cert.org/vuls/id/150326PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/4072
- http://www.securityfocus.com/bid/9752
- http://xforce.iss.net/xforce/alerts/id/165PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15207
- http://marc.info/?l=bugtraq&m=107789851117176&w=2
- http://secunia.com/advisories/10988
- http://www.eeye.com/html/Research/Advisories/AD20040226.html
- http://www.eeye.com/html/Research/Upcoming/20040213.htmlVendor Advisory
- http://www.kb.cert.org/vuls/id/150326PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/4072
FAQ
What is CVE-2004-0193?
CVE-2004-0193 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 ...
How severe is CVE-2004-0193?
CVE-2004-0193 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0193?
Check the references section above for vendor advisories and patch information. Affected products include: Iss Blackice Agent Server, Iss Blackice Pc Protection, Iss Blackice Server Protection, Iss Realsecure Desktop, Iss Realsecure Guard.