Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2004-0362
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 7.5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.4:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.2:windows:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_20.11:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0ebg:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6ecb:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0ebh:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.6:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6ccf:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6ece:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:3.6ebz:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6ccb:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6ecf:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.4:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6ece:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.0:*:windows:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:3.6ecd:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6eca:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6cbz:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.10:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6cce:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0ebj:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.9:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5:*:windows:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.9:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6ebz:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6cca:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6ecc:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.7:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6ebz:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:3.6ecf:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:3.6ecb:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6ecd:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0eba:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.2:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6ecc:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.5:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6ccb:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.9:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6ecb:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.7:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0ebk:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6ccd:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.0.1_win_sr1.1:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0ebl:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6ebz:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.6:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6ece:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5:sr3.3:windows:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6cce:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_pc_protection:3.6ccc:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_network_sensor:7.0:xpu_22.4:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.5:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6ccd:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6ecf:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:7.0ebf:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6cca:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:3.6ece:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6ecd:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6eca:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_guard:3.6ecc:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.1:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.3:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.10:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6ecd:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_agent_server:3.6ecf:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.1:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.10:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6eca:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.0.1:*:windows:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6ccc:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6cbz:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_sentry:3.6ecb:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_desktop:3.6eca:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.11:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu22.8:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:blackice_server_protection:3.6ccf:*:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_network_sensor:7.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:iss:realsecure_server_sensor:6.5_win_sr3.8:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:20.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_a_series_xpu:22.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_g_series_xpu:22.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:h:iss:proventia_m_series_xpu:1.4:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://xforce.iss.net/xforce/alerts/id/166
- http://www.kb.cert.org/vuls/id/947254
- http://www.securityfocus.com/bid/9913
- http://www.eeye.com/html/Research/Advisories/AD20040318.html
- http://www.ciac.org/ciac/bulletins/o-104.shtml
- http://www.osvdb.org/4355
- http://secunia.com/advisories/11073
- http://marc.info/?l=bugtraq&m=107965651712378&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15442