CVE-2004-0362

Current Description

Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.

Basic Data

Published: April 15, 2004
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
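    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Iss | Blackice Agent Server | 3.6ebz | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Agent Server | 3.6eca | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Agent Server | 3.6ecb | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Agent Server | 3.6ecc | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Agent Server | 3.6ecd | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Agent Server | 3.6ece | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Agent Server | 3.6ecf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6cbz | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6cca | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6ccb | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6ccc | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6ccd | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6cce | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Pc Protection | 3.6ccf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6cbz | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6cca | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6ccb | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6ccc | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6ccd | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6cce | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Blackice Server Protection | 3.6ccf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 3.6ebz | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 3.6eca | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 3.6ecb | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 3.6ecd | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 3.6ece | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 3.6ecf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0eba | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0ebf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0ebg | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0ebh | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0ebj | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0ebk | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Desktop | 7.0ebl | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6ebz | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6eca | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6ecb | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6ecc | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6ecd | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6ece | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Guard | 3.6ecf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Network Sensor | 7.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Network Sensor | 7.0 | xpu_20.11 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Network Sensor | 7.0 | xpu_22.10 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Network Sensor | 7.0 | xpu_22.4 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Network Sensor | 7.0 | xpu_22.9 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6ebz | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6eca | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6ecb | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6ecc | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6ecd | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6ece | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Sentry | 3.6ecf | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.0 | * | windows | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.0.1 | * | windows | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.0.1_win_sr1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5 | * | windows | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5 | sr3.2 | windows | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5 | sr3.3 | windows | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 6.5_win_sr3.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.1 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.10 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.11 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.2 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.3 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.4 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.5 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.6 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.7 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.8 | * | * | * | * | * | * | | | |
    2.3 | Application | Iss | Realsecure Server Sensor | 7.0 | xpu22.9 | * | * | * | * | * | * | | | |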
  • OR - Configuration 2
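    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Hardware | Iss | Proventia A Series Xpu | 20.11 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.1 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.2 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.3 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.4 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.5 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.6 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.7 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.8 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.9 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia A Series Xpu | 22.10 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.1 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.2 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.3 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.4 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.5 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.6 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.7 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.8 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.9 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.10 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia G Series Xpu | 22.11 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.4 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.6 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.7 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.8 | * | * | * | * | * | * | * | | | |
    2.3 | Hardware | Iss | Proventia M Series Xpu | 1.9 | * | * | * | * | * | * | * | | | |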

Vulnerable Software List

Vendor | Product | Versions
Iss | Blackice Agent Server | 3.6ebz, 3.6eca, 3.6ecb, 3.6ecc, 3.6ecd, 3.6ece, 3.6ecf
Iss | Blackice Pc Protection | 3.6cbz, 3.6cca, 3.6ccb, 3.6ccc, 3.6ccd, 3.6cce, 3.6ccf
Iss | Realsecure Desktop | 3.6ebz, 3.6eca, 3.6ecb, 3.6ecd, 3.6ece, 3.6ecf, 7.0eba, 7.0ebf, 7.0ebg, 7.0ebh, 7.0ebj, 7.0ebk, 7.0ebl
Iss | Realsecure Guard | 3.6ebz, 3.6eca, 3.6ecb, 3.6ecc, 3.6ecd, 3.6ece, 3.6ecf
Iss | Realsecure Sentry | 3.6ebz, 3.6eca, 3.6ecb, 3.6ecc, 3.6ecd, 3.6ece, 3.6ecf
Iss | Proventia A Series Xpu | 20.11, 22.1, 22.10, 22.2, 22.3, 22.4, 22.5, 22.6, 22.7, 22.8, 22.9
Iss | Proventia G Series Xpu | 22.1, 22.10, 22.11, 22.2, 22.3, 22.4, 22.5, 22.6, 22.7, 22.8, 22.9
Iss | Blackice Server Protection | 3.6cbz, 3.6cca, 3.6ccb, 3.6ccc, 3.6ccd, 3.6cce, 3.6ccf
Iss | Realsecure Network Sensor | 7.0
Iss | Proventia M Series Xpu | 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9
Iss | Realsecure Server Sensor | 6.0, 6.0.1, 6.0.1_win_sr1.1, 6.5, 6.5_win_sr3.1, 6.5_win_sr3.10, 6.5_win_sr3.4, 6.5_win_sr3.5, 6.5_win_sr3.6, 6.5_win_sr3.7, 6.5_win_sr3.8, 6.5_win_sr3.9, 7.0

References

Name | Source | URL | Tags
20040318 EEYE: Internet Security Systems PAM ICQ Server Response Processing Vulnerability | BUGTRAQ | http://marc.info/?l=bugtraq&m=107965651712378&w=2 |
11073 | SECUNIA | http://secunia.com/advisories/11073 |
O-104 | CIAC | http://www.ciac.org/ciac/bulletins/o-104.shtml |
AD20040318 | EEYE | http://www.eeye.com/html/Research/Advisories/AD20040318.html |
VU#947254 | CERT-VN | http://www.kb.cert.org/vuls/id/947254 | PATCH, Third Party Advisory, US Government Resource
4355 | OSVDB | http://www.osvdb.org/4355 |
9913 | BID | http://www.securityfocus.com/bid/9913 | Exploit, PATCH, Vendor Advisory
20040318 Vulnerability in ICQ Parsing in ISS Products | ISS | http://xforce.iss.net/xforce/alerts/id/166 | PATCH, Vendor Advisory
pam-icq-parsing-bo(15442) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/15442 |
witty-worm-propagation(15543) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/15543 |