CVE-2004-0193

Sažetak

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Reference

http://marc.info/?l=bugtraq&m=107789851117176&w=2
http://secunia.com/advisories/10988
http://www.eeye.com/html/Research/Advisories/AD20040226.html
http://www.eeye.com/html/Research/Upcoming/20040213.html
http://www.kb.cert.org/vuls/id/150326
http://www.osvdb.org/4072
http://www.securityfocus.com/bid/9752
http://xforce.iss.net/xforce/alerts/id/165
https://exchange.xforce.ibmcloud.com/vulnerabilities/15207

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2017 - 01:30

Objavljeno

15-03-2004 - 05:00