CVE Vulnerabilities

CVE-2004-0193

Published: Mar 15, 2004 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Affected Software

Name Vendor Start Version End Version
Blackice_agent_server Iss 3.6eca 3.6eca
Blackice_pc_protection Iss 3.6cbd 3.6cbd
Blackice_server_protection Iss 3.6cbz 3.6cbz
Realsecure_desktop Iss 3.6eca 3.6eca
Realsecure_desktop Iss 3.6ecf 3.6ecf
Realsecure_desktop Iss 7.0ebg 7.0ebg
Realsecure_desktop Iss 7.0epk 7.0epk
Realsecure_guard Iss 3.6ecb 3.6ecb
Realsecure_network Iss 7.0 7.0
Realsecure_sentry Iss 3.6ecf 3.6ecf
Realsecure_server_sensor Iss 7.0 7.0

References