CVE-2004-0193

{"id": "CVE-2004-0193", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-03-15T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107789851117176&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/10988", "source": "cve@mitre.org"}, {"url": "http://www.eeye.com/html/Research/Advisories/AD20040226.html", "source": "cve@mitre.org"}, {"url": "http://www.eeye.com/html/Research/Upcoming/20040213.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/150326", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/4072", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9752", "source": "cve@mitre.org"}, {"url": "http://xforce.iss.net/xforce/alerts/id/165", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15207", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107789851117176&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/10988", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.eeye.com/html/Research/Advisories/AD20040226.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.eeye.com/html/Research/Upcoming/20040213.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/150326", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/4072", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/9752", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://xforce.iss.net/xforce/alerts/id/165", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15207", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en la pila en el M\u00f3dulo de an\u00e1lisis de Protocolos (PAM) de ISS, usado en ciertas versiones de RealSecure Network 7.0 y Server Sensor 7.0, Proventia series A, G, y M, Desktop 7.0 y 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, y BlackICE Server Protection 3.6, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un paquete SMB conteniendo una petici\u00f3n de autenticaci\u00f3n con un nombre de usuario largo."}], "lastModified": "2024-11-20T23:47:58.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iss:blackice_agent_server:3.6eca:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D71B50-D280-4735-BFFE-2548C3117D70"}, {"criteria": "cpe:2.3:a:iss:blackice_pc_protection:3.6cbd:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D62AC2AC-E7ED-498B-805F-2300B9793C2E"}, {"criteria": "cpe:2.3:a:iss:blackice_server_protection:3.6cbz:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33242A8-7BE6-4A69-A7CC-81BAFC2ADD50"}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:3.6eca:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF2247F3-0287-40DC-8CE8-3D0E15910056"}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:3.6ecf:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23AE96AD-84D6-4C76-9197-AFCDCC6EA705"}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:7.0ebg:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9233FA-D30A-4D0B-9605-CAA119C97CC9"}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:7.0epk:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3CEB52E-9D4F-456A-A0C9-38E9D5FB6770"}, {"criteria": "cpe:2.3:a:iss:realsecure_guard:3.6ecb:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31FBC29D-CA61-44D8-A270-46A03A833B86"}, {"criteria": "cpe:2.3:a:iss:realsecure_network:7.0:xpu_20.15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D69F073-8619-42F0-BCF4-EB15F22D2855"}, {"criteria": "cpe:2.3:a:iss:realsecure_sentry:3.6ecf:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8983BE98-CC42-4B87-931B-31EF6B9AB840"}, {"criteria": "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E4DF0F-6EE2-4445-BAAA-F6762CB933F0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:iss:proventia_a_series_xpu:20.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC3D8ECB-C355-4AD4-8AE1-EE3621EBAB1F"}, {"criteria": "cpe:2.3:h:iss:proventia_g_series_xpu:22.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C3D5C60-1E1C-4831-895A-7C28D279FFF8"}, {"criteria": "cpe:2.3:h:iss:proventia_m_series_xpu:1.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "616323E5-C7EB-4101-9F10-1A33645FEDAB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}