ID: CVE-2004-0193 | Type: cve | Reporter: cve@mitre.org | Modified: 2017-10-10T01:30:00
Description
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
{"osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "cvelist": ["CVE-2004-0193"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://xforce.iss.net/xforce/alerts/id/165\nKeyword: Internet Security Systems\nKeyword: ISS\nISS X-Force ID: 15207\n[CVE-2004-0193](https://vulners.com/cve/CVE-2004-0193)\nCERT VU: 150326\n", "modified": "2004-02-24T00:00:00", "published": "2004-02-24T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:4702", "id": "OSVDB:4702", "type": "osvdb", "title": "RealSecure/BlackICE PAM Module SMB Packet Overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T01:21:58", "description": "ISS BlackICE is a personal Firewall/IDS for windows Desktops. Several\nremote holes have been found in the product. An attacker, exploiting\nthese flaws, would be able to either crash the remote firewall/IDS\nservice or execute code on the target machine.\n\nAccording to the remote version number, the remote host is vulnerable\nto at least one remote overflow.", "edition": 22, "published": "2004-03-19T00:00:00", "title": "ISS BlackICE Multiple Remote Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2125", "CVE-2004-0193", "CVE-2004-2126", "CVE-2002-0957", "CVE-2002-0956", "CVE-2000-0562", "CVE-2002-0237"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "BLACKICE_VERSION_CHECKER.NASL", "href": "https://www.tenable.com/plugins/nessus/12114", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12114);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/06/27 18:42:27\");\n\n script_cve_id(\n \"CVE-2000-0562\",\n \"CVE-2002-0237\",\n \"CVE-2002-0956\",\n \"CVE-2002-0957\",\n \"CVE-2004-0193\",\n \"CVE-2004-2125\",\n \"CVE-2004-2126\"\n );\n script_bugtraq_id(1389, 4025, 4950, 
9513, 9514, 9752);\n\n script_name(english:\"ISS BlackICE Multiple Remote Vulnerabilities\");\n script_summary(english:\"ISS BlackICE Vulnerable version detection\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The firewall running on the remote host has multiple buffer overflow\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"ISS BlackICE is a personal Firewall/IDS for windows Desktops. Several\nremote holes have been found in the product. An attacker, exploiting\nthese flaws, would be able to either crash the remote firewall/IDS\nservice or execute code on the target machine.\n\nAccording to the remote version number, the remote host is vulnerable\nto at least one remote overflow.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.eeye.com/html/Research/Advisories/AD20040226.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.eeye.com/html/Research/Advisories/AD20040318.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to the latest version of BlackICE.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"blackice_configs.nasl\");\n 
script_require_keys(\"SMB/BlackICE/Version\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_func.inc\");\nmyread = get_kb_item(\"SMB/BlackICE/Version\");\nif ( ! myread ) exit(0);\n\n\n# what does the logfile format look like:\n# ---------- BLACKD.LOG\n# [25]Fri, 19 Mar 2004 09:58:20: BlackICE Product Version : 7.0.ebf\n\nif (strstr(myread, \"BlackICE Product Version\")) {\n # all versions 7.0 eba through ebh and 3.6 ebr through ecb\n if (egrep(string:myread, pattern:\"BlackICE Product Version.*(7\\.0\\.eb[a-h]|3\\.6\\.e(b[r-z]|c[ab]))\")) {\n # do a warning for smb bug\n mywarning = string(\n\"According to the remote version number, the remote host is vulnerable\nto a bug wherein a malformed SMB packet will allow the attacker to execute\narbitrary code on the target system.\");\n port = kb_smb_transport();\n if (!port) port = 139;\n security_hole(port:port, extra:mywarning);\n }\n\n\n # all versions prior to 7.0.ebl and 3.6.ecf\n if ( (egrep(string:myread, pattern:\"BlackICE Product Version.*[0-6]\\.[0-9]\\.[a-z][a-z][a-z]\")) ||\n (egrep(string:myread, pattern:\"BlackICE Product Version.*7\\.0\\.([a-d][a-z][a-z]|e(a[a-z]|b[a-h]))\")) ) {\n mywarning = string(\n\"According to the remote version number, the remote host is vulnerable\nto a bug wherein a malformed ICQ packet will allow the attacker to execute\narbitrary code on the target system.\");\n port = kb_smb_transport();\n if (!port) port = 139;\n security_hole(port:port, extra:mywarning);\n }\n\n\n # only certain versions which have a default config issue\n # VULN VERSION:\n # 7.0 eb[j-m]\n # 3.6 ec[d-g]\n # 3.6 cc[d-g]\n\n if (egrep(string:myread, pattern:\"BlackICE Product Version.*(7\\.0\\.eb[j-m]|3\\.6\\.(ec[d-g]|cc[d-g]))\")) {\n #warning for misconfiguration\n mywarning = string(\n\"Nessus detected a version of BlackICE with insecure default settings.\");\n port = kb_smb_transport();\n if (!port) port = 139;\n security_hole(port:port, extra:mywarning);\n }\n\n}\n\n", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}