Lucene search

[email protected]CVE-2006-3840

HistoryJul 27, 2006 - 11:04 a.m.

CVE-2006-3840

2006-07-2711:04:00

CWE-399

[email protected]

web.nvd.nist.gov

iss products

pam

vulnerability

remote

dos

smb packet

nvd

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.103 Low

EPSS

Percentile

94.9%

JSON

The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

CPENameOperatorVersion
iss:realsecure_server_sensoriss realsecure server sensoreq7.0
iss:proventia_desktopiss proventia desktopeq8.0.675.1790
iss:blackice_server_protectioniss blackice server protectioneq3.6cpk
iss:blackice_pc_protectioniss blackice pc protectioneq3.6cpk
iss:proventia_desktopiss proventia desktopeq8.0.812.1790
iss:realsecure_networkiss realsecure networkeq7.0
iss:realsecure_desktopiss realsecure desktopeq7.0epk
iss:proventia_g_series_xpuiss proventia g series xpueq*
iss:proventia_a_series_xpuiss proventia a series xpueq*
iss:proventia_m_series_xpuiss proventia m series xpueq*

CPE	Name	Operator	Version
iss:realsecure_server_sensor	iss realsecure server sensor	eq	7.0
iss:proventia_desktop	iss proventia desktop	eq	8.0.675.1790
iss:blackice_server_protection	iss blackice server protection	eq	3.6cpk
iss:blackice_pc_protection	iss blackice pc protection	eq	3.6cpk
iss:proventia_desktop	iss proventia desktop	eq	8.0.812.1790
iss:realsecure_network	iss realsecure network	eq	7.0
iss:realsecure_desktop	iss realsecure desktop	eq	7.0epk
iss:proventia_g_series_xpu	iss proventia g series xpu	eq	*
iss:proventia_a_series_xpu	iss proventia a series xpu	eq	*
iss:proventia_m_series_xpu	iss proventia m series xpu	eq	*

Rows per page:

1-10 of 111

References

secunia.com/advisories/21219

securitytracker.com/id?1016590

securitytracker.com/id?1016591

securitytracker.com/id?1016592

www.nsfocus.com/english/homepage/research/0607.htm

www.securityfocus.com/archive/1/441278/100/0/threaded

www.securityfocus.com/bid/19178

www.vupen.com/english/advisories/2006/2996

xforce.iss.net/xforce/alerts/id/230

exchange.xforce.ibmcloud.com/vulnerabilities/27965

iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.103 Low

EPSS

Percentile

94.9%

JSON

Related for CVE-2006-3840

cvelist1 securityvulns1