Search...

CVE-2006-6307

2006-12-05T11:28:00

ID CVE-2006-6307
Type cve
Reporter cve@mitre.org
Modified 2011-03-08T02:45:00

Description

srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-6307", "bulletinFamily": "NVD", "title": "CVE-2006-6307", "description": "srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.", "published": "2006-12-05T11:28:00", "modified": "2011-03-08T02:45:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6307", "reporter": "cve@mitre.org", "references": ["http://www.vupen.com/english/advisories/2006/4840", "http://secunia.com/advisories/23244", "http://www.securityfocus.com/bid/21430", "https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html"], "cvelist": ["CVE-2006-6307"], "type": "cve", "lastseen": "2019-05-29T18:08:35", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1dc238905c643582e97d4d402e25189a"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f16d3beccda43b0027d91bc6e07f8fc5"}, {"key": "cpe23", "hash": "d156ef8f185a9d211f49f65017e44377"}, {"key": "cvelist", "hash": "2e51d5f1f9fb021b6584de10addfd347"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "0ce2394d09720dc144a612e7fa02e15c"}, {"key": "href", "hash": "b9c56abca5be7cf28bd7374a653fd2ae"}, {"key": "modified", "hash": "234b196e465ab47c4b63646111ff1c70"}, {"key": "published", "hash": "8b5b81921f3c32dba9ddb5df3153a886"}, {"key": "references", "hash": "796b45d3b9465549bbb524550c930340"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "c1954cc9930788d23ab9369bfeffd153"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6f39367b472a80c658d564965acee2a941245b795d1bdb1eaeec6dd633655163", "viewCount": 0, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:08:35"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:31354"]}, {"type": "nessus", "idList": ["NOVELL_CLIENT_SRVLOC_DOS.NASL"]}], "modified": "2019-05-29T18:08:35"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:novell:client:4.91"], "affectedSoftware": [{"name": "novell client", "operator": "eq", "version": "4.91"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:novell:client:4.91:sp2:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: https://secure-support.novell.com/KanisaPlatform/Publishing/859/3480790_f.SAL_Public.html\n[Secunia Advisory ID:23244](https://secuniaresearch.flexerasoftware.com/advisories/23244/)\nKeyword: TCP port 427\nFrSIRT Advisory: ADV-2006-4840\n[CVE-2006-6307](https://vulners.com/cve/CVE-2006-6307)\nBugtraq ID: 21430\n", "modified": "2006-11-29T03:18:58", "published": "2006-11-29T03:18:58", "href": "https://vulners.com/osvdb/OSVDB:31354", "id": "OSVDB:31354", "title": "Novell Client srvloc.sys Crafted Packet Unspecified Remote DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:09:40", "bulletinFamily": "scanner", "description": "The file 'srvloc.sys' included with the Novell Client software is reportedly vulnerable to a denial of service attack when processing malformed SLP packets to port 427.\n\nNote that it is not currently known whether this involves the TCP or UDP service or both.", "modified": "2018-07-16T00:00:00", "id": "NOVELL_CLIENT_SRVLOC_DOS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23970", "published": "2007-01-03T00:00:00", "title": "Novell Client srvloc.sys Crafted Packet Unspecified Remote DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23970);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\"CVE-2006-6307\");\n script_bugtraq_id(21430);\n\n script_name(english:\"Novell Client srvloc.sys Crafted Packet Unspecified Remote DoS\");\n script_summary(english:\"Checks file versions of srvloc.sys / nwgina.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a service that is susceptible to a\ndenial of service attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The file 'srvloc.sys' included with the Novell Client software is\nreportedly vulnerable to a denial of service attack when processing\nmalformed SLP packets to port 427.\n\nNote that it is not currently known whether this involves the TCP or\nUDP service or both.\");\n\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Novell Client 4.91 SP3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(1, \"KB 'SMB/Registry/Enumerated' not set to TRUE.\");\n\n# Unless we're being paranoid, check whether the software's installed.\nif (report_paranoia < 2)\n{\n subkey = \"{Novell Client for Windows}\";\n key = string(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/\", subkey, \"/DisplayName\");\n get_kb_item_or_exit(key);\n}\n\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\n# Check the version of srvloc.sys.\nwinroot = hotfix_get_systemroot();\nif (!winroot) exit(1);\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:winroot);\nsys = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\System32\\Netware\\srvloc.sys\", string:winroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL,\"IPC$\");\n}\n\nfh = CreateFile(\n file:sys,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n);\nver = NULL;\nif (!isnull(fh))\n{\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n}\n\n\n# NB: make sure the version is 4.91.3.0, which is true of 4.91 Support\n# Pack 2 w/ 491psp2_pkc.exe. For some reason, Novell didn't update\n# the file version when it changed this for SP3, so we have to rely\n# another file which did change between them; eg, nwgina.dll.\nif (\n !isnull(ver) &&\n int(ver[0]) == 4 && int(ver[1]) == 91 && int(ver[2]) == 3 && int(ver[3]) == 0\n)\n{\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\System32\\nwgina.dll\", string:winroot);\n fh = CreateFile(\n file:file,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n ver = NULL;\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n CloseFile(handle:fh);\n }\n\n # File version is 4.91.1.36 w/ SP3.\n if (!isnull(ver))\n {\n fix = split(\"4.91.1.36\", sep:'.', keep:FALSE);\n for (i=0; i<4; i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(ver); i++)\n if ((ver[i] < fix[i]))\n {\n security_warning(port);\n break;\n }\n else if (ver[i] > fix[i])\n break;\n }\n}\n\n\n# Clean up.\nNetUseDel();\n\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}