Lucene search

[email protected]CVE-2004-0193

HistoryMar 15, 2004 - 5:00 a.m.

CVE-2004-0193

2004-03-1505:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0193

buffer overflow

iss protocol analysis module

realsecure

proventia

smb packet

remote code execution

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.244 Low

EPSS

Percentile

96.6%

JSON

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

CPENameOperatorVersion
iss:realsecure_desktopiss realsecure desktopeq7.0ebg
iss:realsecure_guardiss realsecure guardeq3.6ecb
iss:realsecure_sentryiss realsecure sentryeq3.6ecf
iss:realsecure_server_sensoriss realsecure server sensoreq7.0
iss:realsecure_desktopiss realsecure desktopeq3.6ecf
iss:blackice_pc_protectioniss blackice pc protectioneq3.6cbd
iss:blackice_agent_serveriss blackice agent servereq3.6eca
iss:realsecure_networkiss realsecure networkeq7.0
iss:blackice_server_protectioniss blackice server protectioneq3.6cbz
iss:realsecure_desktopiss realsecure desktopeq3.6eca

CPE	Name	Operator	Version
iss:realsecure_desktop	iss realsecure desktop	eq	7.0ebg
iss:realsecure_guard	iss realsecure guard	eq	3.6ecb
iss:realsecure_sentry	iss realsecure sentry	eq	3.6ecf
iss:realsecure_server_sensor	iss realsecure server sensor	eq	7.0
iss:realsecure_desktop	iss realsecure desktop	eq	3.6ecf
iss:blackice_pc_protection	iss blackice pc protection	eq	3.6cbd
iss:blackice_agent_server	iss blackice agent server	eq	3.6eca
iss:realsecure_network	iss realsecure network	eq	7.0
iss:blackice_server_protection	iss blackice server protection	eq	3.6cbz
iss:realsecure_desktop	iss realsecure desktop	eq	3.6eca

Rows per page:

1-10 of 141

References

marc.info/?l=bugtraq&m=107789851117176&w=2

secunia.com/advisories/10988

www.eeye.com/html/Research/Advisories/AD20040226.html

www.eeye.com/html/Research/Upcoming/20040213.html

www.kb.cert.org/vuls/id/150326

www.osvdb.org/4072

www.securityfocus.com/bid/9752

xforce.iss.net/xforce/alerts/id/165

exchange.xforce.ibmcloud.com/vulnerabilities/15207

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.244 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2004-0193

cvelist1 nessus1