{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-03-18T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#150326", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/150326"}, {"name": "20040226 Vulnerability in SMB Parsing in ISS Products", "tags": ["third-party-advisory", "x_refsource_ISS"], "url": "http://xforce.iss.net/xforce/alerts/id/165"}, {"name": "4072", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/4072"}, {"name": "10988", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/10988"}, {"name": "20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107789851117176&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eeye.com/html/Research/Upcoming/20040213.html"}, {"name": "pam-smb-protocol-bo(15207)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15207"}, {"name": "AD20040226", "tags": ["third-party-advisory", "x_refsource_EEYE"], "url": "http://www.eeye.com/html/Research/Advisories/AD20040226.html"}, {"name": "9752", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9752"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0193", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#150326", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/150326"}, {"name": "20040226 Vulnerability in SMB Parsing in ISS Products", "refsource": "ISS", "url": "http://xforce.iss.net/xforce/alerts/id/165"}, {"name": "4072", "refsource": "OSVDB", "url": "http://www.osvdb.org/4072"}, {"name": "10988", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10988"}, {"name": "20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107789851117176&w=2"}, {"name": "http://www.eeye.com/html/Research/Upcoming/20040213.html", "refsource": "MISC", "url": "http://www.eeye.com/html/Research/Upcoming/20040213.html"}, {"name": "pam-smb-protocol-bo(15207)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15207"}, {"name": "AD20040226", "refsource": "EEYE", "url": "http://www.eeye.com/html/Research/Advisories/AD20040226.html"}, {"name": "9752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9752"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0193", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-03-04T00:00:00", "dateUpdated": "2004-03-18T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iss:blackice_agent_server:3.6eca:*:*:*:*:*:*:*", "matchCriteriaId": "68D71B50-D280-4735-BFFE-2548C3117D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:blackice_pc_protection:3.6cbd:*:*:*:*:*:*:*", "matchCriteriaId": "D62AC2AC-E7ED-498B-805F-2300B9793C2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:blackice_server_protection:3.6cbz:*:*:*:*:*:*:*", "matchCriteriaId": "E33242A8-7BE6-4A69-A7CC-81BAFC2ADD50", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:3.6eca:*:*:*:*:*:*:*", "matchCriteriaId": "CF2247F3-0287-40DC-8CE8-3D0E15910056", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:3.6ecf:*:*:*:*:*:*:*", "matchCriteriaId": "23AE96AD-84D6-4C76-9197-AFCDCC6EA705", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:7.0ebg:*:*:*:*:*:*:*", "matchCriteriaId": "1F9233FA-D30A-4D0B-9605-CAA119C97CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_desktop:7.0epk:*:*:*:*:*:*:*", "matchCriteriaId": "F3CEB52E-9D4F-456A-A0C9-38E9D5FB6770", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_guard:3.6ecb:*:*:*:*:*:*:*", "matchCriteriaId": "31FBC29D-CA61-44D8-A270-46A03A833B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_network:7.0:xpu_20.15:*:*:*:*:*:*", "matchCriteriaId": "4D69F073-8619-42F0-BCF4-EB15F22D2855", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_sentry:3.6ecf:*:*:*:*:*:*:*", "matchCriteriaId": "8983BE98-CC42-4B87-931B-31EF6B9AB840", "vulnerable": true}, {"criteria": "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.16:*:*:*:*:*:*", "matchCriteriaId": "A6E4DF0F-6EE2-4445-BAAA-F6762CB933F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:iss:proventia_a_series_xpu:20.15:*:*:*:*:*:*:*", "matchCriteriaId": "EC3D8ECB-C355-4AD4-8AE1-EE3621EBAB1F", "vulnerable": true}, {"criteria": "cpe:2.3:h:iss:proventia_g_series_xpu:22.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C3D5C60-1E1C-4831-895A-7C28D279FFF8", "vulnerable": true}, {"criteria": "cpe:2.3:h:iss:proventia_m_series_xpu:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "616323E5-C7EB-4101-9F10-1A33645FEDAB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en la pila en el M\u00f3dulo de an\u00e1lisis de Protocolos (PAM) de ISS, usado en ciertas versiones de RealSecure Network 7.0 y Server Sensor 7.0, Proventia series A, G, y M, Desktop 7.0 y 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, y BlackICE Server Protection 3.6, permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un paquete SMB conteniendo una petici\u00f3n de autenticaci\u00f3n con un nombre de usuario largo."}], "id": "CVE-2004-0193", "lastModified": "2017-10-10T01:30:19.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107789851117176&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/10988"}, {"source": "cve@mitre.org", "url": "http://www.eeye.com/html/Research/Advisories/AD20040226.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.eeye.com/html/Research/Upcoming/20040213.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/150326"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/4072"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/9752"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xforce.iss.net/xforce/alerts/id/165"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15207"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}