CVE-2006-3840

 

  • Severity Score: 5.0 (CVSS v2)

  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-07-25 CVE Reserved
  • 2006-07-27 CVE Published
  • 2023-12-20 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
Affected Vendors, Products, and Versions
Vendor  Product                     Version       Other  Status
Iss     Blackice Pc Protection      3.6cpk        -      Affected
Iss     Blackice Server Protection  3.6cpk        -      Affected
Iss     Proventia Desktop           8.0.675.1790  -      Affected
Iss     Proventia Desktop           8.0.812.1790  -      Affected
Iss     Realsecure Desktop          7.0epk        -      Affected
Iss     Realsecure Network          7.0           -      Affected
Iss     Realsecure Server Sensor    7.0           -      Affected
Iss     Proventia A Series Xpu      *             -      Affected
Iss     Proventia G Series Xpu      *             -      Affected
Iss     Proventia M Series Xpu      *             -      Affected
Iss     Proventia Server            1.0.914.1880  -      Affected