SAINT CorporationSAINT:27DA9799C786CD7A24364DF9165ABE5AMicrosoft Client Service for NetWare tree name buffer overflow
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.6%
Added: 11/16/2006
CVE: CVE-2006-4688
BID: 20984
OSVDB: 30260
Background
The Client Service for NetWare, also known as the Gateway Service for NetWare, allows Windows users to access NetWare file, print, and directory services. It is available with Microsoft Windows operating systems but is not installed by default.
Problem
A buffer overflow vulnerability in the Client Service for NetWare allows remote attackers to execute arbitrary commands. On Windows 2000 and XP, the attacker does not need to authenticate in order to exploit this vulnerability.
Resolution
Install the update referenced in Microsoft Security Bulletin 06-066.
References
<http://www.microsoft.com/technet/security/bulletin/MS06-066.mspx>
Limitations
Exploit works on Windows 2000 SP4 if the Client Service for NetWare is installed and running.
Platforms
Windows 2000
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.967 High
EPSS
Percentile
99.6%