CVE-2004-0193
CVSS 7.5
Published: 2004-03-15 00:00:00
Revised: 2016-10-17 22:41:43

[Original] Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.


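[CNNVD] ISS RealSecure/BlackICE Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability (CNNVD-200403-071)

        RealSecure and BlackICE are host-based intrusion detection/prevention systems from ISS; these products identify and block network attacks and intrusions.
        The Protocol Analysis Module used by RealSecure and BlackICE lacks sufficient buffer bounds checking when processing the SMB protocol. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack, possibly executing arbitrary instructions on the host with system privileges.
        The Protocol Analysis Module (PAM) parses network protocols to perform further analysis and attack detection. One of the supported protocols is SMB. SMB gives clients a mechanism for remote access to resources such as files, printers and named pipes.
        Because PAM lacks sufficient bounds checking when parsing SMB "Setup AndX" requests, a remote attacker can submit an SMB "Setup AndX" request whose AccountName parameter contains a string of 300 bytes or longer, triggering a heap-based overflow. In some products, however, heap protection can detect this memory corruption and restart the PAM component to clean up the heap.
        SMB parsing in PAM is state-based, so the flaw can only be triggered by establishing a real SMB connection over TCP/IP with a server on the network.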
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:iss:realsecure_network:7.0:xpu_20.15
cpe:/a:iss:realsecure_desktop:7.0ebg  Internet Security Systems RealSecure Desktop 7.0ebg
cpe:/a:iss:realsecure_server_sensor:7.0:xpu20.16
cpe:/h:iss:proventia_a_series_xpu:20.15  Internet Security Systems Proventia A Series XPU 20.15
cpe:/a:iss:blackice_pc_protection:3.6cbd  Internet Security Systems BlackICE PC Protection 3.6cbd
cpe:/h:iss:proventia_m_series_xpu:1.30  Internet Security Systems Proventia M Series XPU 1.3
cpe:/a:iss:blackice_server_protection:3.6cbz  Internet Security Systems BlackICE Server Protection 3.6cbz
cpe:/a:iss:realsecure_guard:3.6ecb  Internet Security Systems RealSecure Guard 3.6ecb
cpe:/a:iss:realsecure_desktop:3.6eca  Internet Security Systems RealSecure Desktop 3.6eca
cpe:/a:iss:realsecure_desktop:7.0epk  Internet Security Systems RealSecure Desktop 7.0epk
cpe:/a:iss:realsecure_sentry:3.6ecf  Internet Security Systems RealSecure Sentry 3.6ecf
cpe:/h:iss:proventia_g_series_xpu:22.3  Internet Security Systems Proventia G Series XPU 22.3
cpe:/a:iss:realsecure_desktop:3.6ecf  Internet Security Systems RealSecure Desktop 3.6ecf
cpe:/a:iss:blackice_agent_server:3.6eca  Internet Security Systems BlackICE Agent Server 3.6eca

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0193
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0193
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-071
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=107789851117176&w=2
(UNKNOWN)  BUGTRAQ  20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
http://www.eeye.com/html/Research/Advisories/AD20040226.html
(UNKNOWN)  EEYE  AD20040226
http://www.eeye.com/html/Research/Upcoming/20040213.html
(VENDOR_ADVISORY)  MISC  http://www.eeye.com/html/Research/Upcoming/20040213.html
http://www.kb.cert.org/vuls/id/150326
(VENDOR_ADVISORY)  CERT-VN  VU#150326
http://www.securityfocus.com/bid/9752
(UNKNOWN)  BID  9752
http://xforce.iss.net/xforce/alerts/id/165
(VENDOR_ADVISORY)  ISS  20040226 Vulnerability in SMB Parsing in ISS Products
http://xforce.iss.net/xforce/xfdb/15207
(UNKNOWN)  XF  pam-smb-protocol-bo(15207)

- Vulnerability Information

ISS RealSecure/BlackICE Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability
High risk  Boundary condition error
2004-03-15 00:00:00 2005-05-13 00:00:00
Remote
        
        

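- Advisories and Patches

        Vendor patch:
        ISS
        ---
        The vendor has released upgrade patches that fix this security issue; download them from the vendor's home page: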
        Internet Security Systems Proventia A Series XPU 22.9:
        Internet Security Systems Upgrade Proventia A Series, XPU 22.10
        
        http://www.iss.net/download

        Internet Security Systems Proventia G Series XPU 22.9:
        Internet Security Systems Upgrade Proventia G Series, XPU 22.10
        
        http://www.iss.net/download

        Internet Security Systems Proventia G Series XPU 22.3:
        Internet Security Systems Upgrade Proventia G Series, XPU 22.10
        
        http://www.iss.net/download

        Internet Security Systems Proventia A Series XPU 20.15:
        Internet Security Systems Upgrade Proventia A Series, XPU 22.10
        
        http://www.iss.net/download

        Internet Security Systems Proventia M Series XPU 1.7:
        Internet Security Systems Upgrade Proventia M Series, XPU 1.8
        
        http://www.iss.net/download

        Internet Security Systems Proventia M Series XPU 1.3:
        Internet Security Systems Upgrade Proventia M Series, XPU 1.8
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Desktop 3.6 ecb:
        Internet Security Systems Upgrade RealSecure Desktop 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Desktop 3.6 eca:
        Internet Security Systems Upgrade RealSecure Desktop 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Desktop 3.6 ebr:
        Internet Security Systems Upgrade RealSecure Desktop 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems BlackIce Server Protection 3.6 ccb:
        Internet Security Systems Upgrade BlackICE Server Protection 3.6 ccd
        
        http://www.iss.net/download

        Internet Security Systems BlackICE PC Protection 3.6 ccb:
        Internet Security Systems Upgrade BlackICE PC Protection 3.6 ccd
        
        http://www.iss.net/download

        Internet Security Systems BlackIce Server Protection 3.6 cbz:
        Internet Security Systems Upgrade BlackICE Server Protection 3.6 ccd
        
        http://www.iss.net/download

        Internet Security Systems BlackICE PC Protection 3.6 cbr:
        Internet Security Systems Upgrade BlackICE PC Protection 3.6 ccd
        
        http://www.iss.net/download

        Internet Security Systems BlackIce Server Protection 3.6 cbr:
        Internet Security Systems Upgrade BlackICE Server Protection 3.6 ccd
        
        http://www.iss.net/download

        Internet Security Systems BlackICE PC Protection 3.6 .cbz:
        Internet Security Systems Upgrade BlackICE PC Protection 3.6 ccd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Guard 3.6 ecb:
        Internet Security Systems Upgrade RealSecure Guard 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Sentry 3.6 ecb:
        Internet Security Systems Upgrade RealSecure Sentry 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Sentry 3.6 ebr:
        Internet Security Systems Upgrade RealSecure Sentry 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Guard 3.6 ebr:
        Internet Security Systems Upgrade RealSecure Guard 3.6 ecd
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Desktop 7.0 ebh:
        Internet Security Systems Upgrade RealSecure Desktop 7.0 ebj
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Desktop 7.0 ebg:
        Internet Security Systems Upgrade RealSecure Desktop 7.0 ebj
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Desktop 7.0 eba:
        Internet Security Systems Upgrade RealSecure Desktop 7.0 ebj
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Network Sensor 7.0 XPU 22.9:
        Internet Security Systems Upgrade RealSecure Network 7.0, XPU 22.10
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Server Sensor 7.0 XPU 22.9:
        Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.19:
        Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.18:
        Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.16:
        Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
        
        http://www.iss.net/download

        Internet Security Systems RealSecure Network Sensor 7.0 XPU 20.15:
        Internet Security Systems Upgrade RealSecure Network 7.0, XPU 22.10
        
        http://www.iss.net/download

- Vulnerability Information

4702
RealSecure/BlackICE PAM Module SMB Packet Overflow
Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2004-02-24 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
