SMB: ISS AccountName Overflow Exploit

This signature detects buffer overflow attempts against an Internet Security Systems (ISS) Intrusion Detection device. Attackers may send an excessively long AccountName argument in an SMB packet to overflow a buffer inside the device, enabling them to remotely execute code with SYSTEM privileges.

Extended Description

The Internet Security Systems (ISS) Protocol Analysis Module, included in multiple ISS products, is prone to a remotely exploitable heap overrun vulnerability. The issue exists in the SMB parsing routines provided by the module and is due to insufficient bounds checking of protocol fields. It could be exploited to execute arbitrary code on systems hosting the vulnerable software, potentially resulting in system compromise.

Affected Products

IBM proventia_g_series, IBM realsecure_server_sensor

Short Name
SMB:EXPLOIT:ISS-ACCOUNTNAME-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
AccountName CVE-2004-0193 Exploit ISS Overflow bid:9752
Release Date
01/29/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

IBM

CVSS Score

7.5
