Lucene search

[email protected]CVE-2006-3840

HistoryJul 27, 2006 - 11:04 a.m.

CVE-2006-3840

2006-07-2711:04:00

CWE-399

[email protected]

web.nvd.nist.gov

iss products

pam

vulnerability

remote

dos

smb packet

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

Affected configurations

NVD

Node

issblackice_pc_protectionMatch3.6cpk

issblackice_server_protectionMatch3.6cpk

issproventia_desktopMatch8.0.675.1790

issproventia_desktopMatch8.0.812.1790

issrealsecure_desktopMatch7.0epk

issrealsecure_networkMatch7.0

issrealsecure_server_sensorMatch7.0

Node

issproventia_a_series_xpu

issproventia_g_series_xpu

issproventia_m_series_xpu

issproventia_serverMatch1.0.914.1880

CPENameOperatorVersion
iss:blackice_pc_protectioniss blackice pc protectioneq3.6cpk
iss:blackice_server_protectioniss blackice server protectioneq3.6cpk
iss:proventia_desktopiss proventia desktopeq8.0.675.1790
iss:proventia_desktopiss proventia desktopeq8.0.812.1790
iss:realsecure_desktopiss realsecure desktopeq7.0epk
iss:realsecure_networkiss realsecure networkeq7.0
iss:realsecure_server_sensoriss realsecure server sensoreq7.0

CPE	Name	Operator	Version
iss:blackice_pc_protection	iss blackice pc protection	eq	3.6cpk
iss:blackice_server_protection	iss blackice server protection	eq	3.6cpk
iss:proventia_desktop	iss proventia desktop	eq	8.0.675.1790
iss:proventia_desktop	iss proventia desktop	eq	8.0.812.1790
iss:realsecure_desktop	iss realsecure desktop	eq	7.0epk
iss:realsecure_network	iss realsecure network	eq	7.0
iss:realsecure_server_sensor	iss realsecure server sensor	eq	7.0

References

secunia.com/advisories/21219

securitytracker.com/id?1016590

securitytracker.com/id?1016591

securitytracker.com/id?1016592

www.nsfocus.com/english/homepage/research/0607.htm

www.securityfocus.com/archive/1/441278/100/0/threaded

www.securityfocus.com/bid/19178

www.vupen.com/english/advisories/2006/2996

xforce.iss.net/xforce/alerts/id/230

exchange.xforce.ibmcloud.com/vulnerabilities/27965

iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.103 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2006-3840

cvelist1 nvd1 securityvulns1