Lucene search

[email protected]CVE-2006-2374

HistoryJun 13, 2006 - 7:06 p.m.

CVE-2006-2374

2006-06-1319:06:00

CWE-667

[email protected]

web.nvd.nist.gov

smb driver

windows

denial of service

mrxsmb.sys

cve-2006-2374

vulnerability

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.5%

JSON

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the “SMB Invalid Handle Vulnerability.”

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq-
microsoft:windows_2000microsoft windows 2000eq-
microsoft:windows_2003_servermicrosoft windows 2003 servereq-

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	-
microsoft:windows_2000	microsoft windows 2000	eq	-
microsoft:windows_2003_server	microsoft windows 2003 server	eq	-

References

secunia.com/advisories/20635

securitytracker.com/id?1016288

www.idefense.com/intelligence/vulnerabilities/display.php?id=409

www.osvdb.org/26439

www.securityfocus.com/bid/18357

www.vupen.com/english/advisories/2006/2327

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030

exchange.xforce.ibmcloud.com/vulnerabilities/26830

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.5%

JSON

Related for CVE-2006-2374

securityvulns2 prion1 nessus1