CVE Vulnerabilities

CVE-2004-0193

Published: Mar 15, 2004 | Modified: Oct 10, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Blackice_agent_server | Iss | 3.6eca (including) | 3.6eca (including) |
| Blackice_pc_protection | Iss | 3.6cbd (including) | 3.6cbd (including) |
| Blackice_server_protection | Iss | 3.6cbz (including) | 3.6cbz (including) |
| Realsecure_desktop | Iss | 3.6eca (including) | 3.6eca (including) |
| Realsecure_desktop | Iss | 3.6ecf (including) | 3.6ecf (including) |
| Realsecure_desktop | Iss | 7.0ebg (including) | 7.0ebg (including) |
| Realsecure_desktop | Iss | 7.0epk (including) | 7.0epk (including) |
| Realsecure_guard | Iss | 3.6ecb (including) | 3.6ecb (including) |
| Realsecure_network | Iss | 7.0-xpu_20.15 (including) | 7.0-xpu_20.15 (including) |
| Realsecure_sentry | Iss | 3.6ecf (including) | 3.6ecf (including) |
| Realsecure_server_sensor | Iss | 7.0-xpu20.16 (including) | 7.0-xpu20.16 (including) |

References