PT-2004-1361 · Iss · Proventia A Series+6

Barnaby Jack · Published 2004-03-15 · Updated 2017-10-10 · CVE-2004-0193

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

RealSecure Network versions 7.0
RealSecure Desktop versions 7.0 and 3.6
RealSecure Guard version 3.6
RealSecure Sentry version 3.6
Proventia A, G, and M Series (affected versions not specified)
BlackICE PC Protection version 3.6
BlackICE Server Protection version 3.6

Description

A heap-based buffer overflow issue exists in the ISS Protocol Analysis Module (PAM) used in certain products. This issue allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Recommendations

For RealSecure Network version 7.0, update to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.
For RealSecure Desktop versions 7.0 and 3.6, update to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.
For RealSecure Guard version 3.6, update to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.
For RealSecure Sentry version 3.6, update to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.
For Proventia A, G, and M Series, contact the vendor for guidance on updating to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.
For BlackICE PC Protection version 3.6, update to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.
For BlackICE Server Protection version 3.6, update to a version that includes a fix for the heap-based buffer overflow issue in the ISS Protocol Analysis Module.

Fix

Related Identifiers

CVE-2004-0193

Affected Products

Blackice Pc Protection
Blackice Server Protection
Proventia A Series
Realsecure Desktop
Realsecure Guard
Realsecure Network
Realsecure Sentry