Details of VAR-200403-0064

ID

VAR-200403-0064

CVE

CVE-2004-0193

TITLE

Internet Security Systems' BlackICE and RealSecure contain a heap overflow in the processing of SMB packets

Trust: 0.8

sources: CERT/CC: VU#150326

DESCRIPTION

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. Internet Security Systems' BlackICE and RealSecure intrusion detection products contain a remotely exploitable vulnerability. Exploitation of this vulnerability could lead to the compromise of the system with privileges of the vulnerable process, typically the "SYSTEM" user. The issue exists in the SMB parsing routines provided by the module and is due to insufficient bounds checking of protocol fields. This issue could potentially be exploited to execute arbitrary code on systems hosting the vulnerable software, potentially resulting in system compromise. RealSecure and BlackICE are host-based intrusion detection/prevention systems offered by ISS that identify and block network attacks and intrusions. Remote attackers can exploit this vulnerability to carry out buffer overflow attacks and execute arbitrary commands on the host with system privileges. Protocol Analysis Module (Protocol Analysis Module) is used to analyze network protocols to perform further analysis and attack detection. One of the supported protocols is the SMB protocol. SMB provides a mechanism for clients to remotely access resources such as files, printers, and named pipes. Because the PAM protocol analysis module lacks sufficient boundary checks in the parsing of \"Setup AndX\" SMB requests, the result can lead to remote attackers submitting SMB \"Setup AndX\" whose AccountName parameter contains a character string exceeding 300 bytes or longer " request, which can trigger a heap-based overflow. However, in some products, heap protection can detect these memory corruptions and restart PAM components to clean up the heap content. SMB parsing is state-based in PAM, and can only be triggered by establishing a real SMB connection with the server in the network through TCP/IP

Trust: 2.7

sources: NVD: CVE-2004-0193 // CERT/CC: VU#150326 // JVNDB: JVNDB-2004-000059 // BID: 9752 // VULHUB: VHN-8623

AFFECTED PRODUCTS

vendor:	iss	model:	blackice server protection	scope:	eq	version:	3.6cbz	Trust: 1.6
vendor:	iss	model:	blackice agent server	scope:	eq	version:	3.6eca	Trust: 1.6
vendor:	iss	model:	realsecure desktop	scope:	eq	version:	7.0ebg	Trust: 1.6
vendor:	iss	model:	realsecure guard	scope:	eq	version:	3.6ecb	Trust: 1.6
vendor:	iss	model:	realsecure network	scope:	eq	version:	7.0	Trust: 1.6
vendor:	iss	model:	realsecure desktop	scope:	eq	version:	7.0epk	Trust: 1.6
vendor:	iss	model:	blackice pc protection	scope:	eq	version:	3.6cbd	Trust: 1.6
vendor:	iss	model:	realsecure desktop	scope:	eq	version:	3.6eca	Trust: 1.6
vendor:	iss	model:	realsecure sentry	scope:	eq	version:	3.6ecf	Trust: 1.6
vendor:	iss	model:	realsecure desktop	scope:	eq	version:	3.6ecf	Trust: 1.6
vendor:	iss	model:	realsecure server sensor	scope:	eq	version:	7.0	Trust: 1.0
vendor:	iss	model:	proventia m series xpu	scope:	eq	version:	1.30	Trust: 1.0
vendor:	iss	model:	proventia g series xpu	scope:	eq	version:	22.3	Trust: 1.0
vendor:	iss	model:	proventia a series xpu	scope:	eq	version:	20.15	Trust: 1.0
vendor:	internet security	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	the internet security	model:	realsecure network sensor	scope:	eq	version:	7.0	Trust: 0.8
vendor:	the internet security	model:	realsecure server sensor	scope:	eq	version:	7.0	Trust: 0.8
vendor:	internet	model:	security systems realsecure server sensor xpu	scope:	eq	version:	7.022.9	Trust: 0.3
vendor:	internet	model:	security systems realsecure server sensor xpu	scope:	eq	version:	7.020.19	Trust: 0.3
vendor:	internet	model:	security systems realsecure server sensor xpu	scope:	eq	version:	7.020.18	Trust: 0.3
vendor:	internet	model:	security systems realsecure server sensor xpu	scope:	eq	version:	7.020.16	Trust: 0.3
vendor:	internet	model:	security systems realsecure sentry ecb	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure sentry ebr	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure network sensor xpu	scope:	eq	version:	7.022.9	Trust: 0.3
vendor:	internet	model:	security systems realsecure network sensor xpu	scope:	eq	version:	7.020.11	Trust: 0.3
vendor:	internet	model:	security systems realsecure guard ecb	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure guard ebr	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop ebh	scope:	eq	version:	7.0	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop ebg	scope:	eq	version:	7.0	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop eba	scope:	eq	version:	7.0	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop ecb	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop eca	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop ebr	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems proventia m series xpu	scope:	eq	version:	1.7	Trust: 0.3
vendor:	internet	model:	security systems proventia m series xpu	scope:	eq	version:	1.3	Trust: 0.3
vendor:	internet	model:	security systems proventia a series xpu	scope:	eq	version:	22.9	Trust: 0.3
vendor:	internet	model:	security systems proventia a series xpu	scope:	eq	version:	20.15	Trust: 0.3
vendor:	internet	model:	security systems blackice server protection ccb	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems blackice server protection cbz	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems blackice server protection cbr	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems blackice pc protection ccb	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems blackice pc protection cbr	scope:	eq	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems blackice pc protection .cbz	scope:	eq	version:	3.6	Trust: 0.3
vendor:	ibm	model:	proventia g series xpu	scope:	eq	version:	22.9	Trust: 0.3
vendor:	ibm	model:	proventia g series xpu	scope:	eq	version:	22.3	Trust: 0.3
vendor:	internet	model:	security systems realsecure server sensor xpu	scope:	ne	version:	7.022.10	Trust: 0.3
vendor:	internet	model:	security systems realsecure sentry ecd	scope:	ne	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure network sensor xpu	scope:	ne	version:	7.022.10	Trust: 0.3
vendor:	internet	model:	security systems realsecure guard ecd	scope:	ne	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop ebj	scope:	ne	version:	7.0	Trust: 0.3
vendor:	internet	model:	security systems realsecure desktop ecd	scope:	ne	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems proventia m series xpu	scope:	ne	version:	1.8	Trust: 0.3
vendor:	internet	model:	security systems proventia a series xpu	scope:	ne	version:	22.10	Trust: 0.3
vendor:	internet	model:	security systems blackice server protection ccd	scope:	ne	version:	3.6	Trust: 0.3
vendor:	internet	model:	security systems blackice pc protection ccd	scope:	ne	version:	3.6	Trust: 0.3
vendor:	ibm	model:	proventia g series xpu	scope:	ne	version:	22.10	Trust: 0.3

sources: CERT/CC: VU#150326 // BID: 9752 // JVNDB: JVNDB-2004-000059 // CNNVD: CNNVD-200403-071 // NVD: CVE-2004-0193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0193
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#150326
value:	12.12
Trust: 0.8
NVD:	CVE-2004-0193
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200403-071
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8623
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0193
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8623
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#150326 // VULHUB: VHN-8623 // JVNDB: JVNDB-2004-000059 // CNNVD: CNNVD-200403-071 // NVD: CVE-2004-0193

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0193

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-071

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 9752 // CNNVD: CNNVD-200403-071

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000059

PATCH

title:

Top Page

url:

http://www.isskk.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2004-000059

EXTERNAL IDS

db:	CERT/CC	id:	VU#150326	Trust: 3.3
db:	BID	id:	9752	Trust: 2.8
db:	NVD	id:	CVE-2004-0193	Trust: 2.5
db:	SECUNIA	id:	10988	Trust: 1.7
db:	OSVDB	id:	4072	Trust: 1.7
db:	JVNDB	id:	JVNDB-2004-000059	Trust: 0.8
db:	CNNVD	id:	CNNVD-200403-071	Trust: 0.7
db:	ISS	id:	20040226 VULNERABILITY IN SMB PARSING IN ISS PRODUCTS	Trust: 0.6
db:	EEYE	id:	AD20040226	Trust: 0.6
db:	XF	id:	15207	Trust: 0.6
db:	BUGTRAQ	id:	20040227 EEYE: REALSECURE/BLACKICE SERVER MESSAGE BLOCK (SMB) PROCESSING OVERFLOW	Trust: 0.6
db:	VULHUB	id:	VHN-8623	Trust: 0.1

sources: CERT/CC: VU#150326 // VULHUB: VHN-8623 // BID: 9752 // JVNDB: JVNDB-2004-000059 // CNNVD: CNNVD-200403-071 // NVD: CVE-2004-0193

REFERENCES

url:	http://www.eeye.com/html/research/advisories/ad20040226.html	Trust: 2.8
url:	http://xforce.iss.net/xforce/alerts/id/165	Trust: 2.8
url:	http://www.eeye.com/html/research/upcoming/20040213.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/9752	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/150326	Trust: 2.5
url:	http://www.osvdb.org/4072	Trust: 1.7
url:	http://secunia.com/advisories/10988	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=107789851117176&w=2	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15207	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0193	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0193	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/15207	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=107789851117176&w=2	Trust: 0.6

sources: CERT/CC: VU#150326 // VULHUB: VHN-8623 // BID: 9752 // JVNDB: JVNDB-2004-000059 // CNNVD: CNNVD-200403-071 // NVD: CVE-2004-0193

CREDITS

eEye info@eEye.com

Trust: 0.6

sources: CNNVD: CNNVD-200403-071

SOURCES

db:	CERT/CC	id:	VU#150326
db:	VULHUB	id:	VHN-8623
db:	BID	id:	9752
db:	JVNDB	id:	JVNDB-2004-000059
db:	CNNVD	id:	CNNVD-200403-071
db:	NVD	id:	CVE-2004-0193

LAST UPDATE DATE

2024-08-14T15:20:17.955000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#150326	date:	2004-02-27T00:00:00
db:	VULHUB	id:	VHN-8623	date:	2017-10-10T00:00:00
db:	BID	id:	9752	date:	2004-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2004-000059	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200403-071	date:	2005-05-13T00:00:00
db:	NVD	id:	CVE-2004-0193	date:	2017-10-10T01:30:19.173

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#150326	date:	2004-02-27T00:00:00
db:	VULHUB	id:	VHN-8623	date:	2004-03-15T00:00:00
db:	BID	id:	9752	date:	2004-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2004-000059	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200403-071	date:	2004-02-26T00:00:00
db:	NVD	id:	CVE-2004-0193	date:	2004-03-15T05:00:00