CVE-2006-3840
Date: (C)2006-07-27   (M)2023-12-22


The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1016590
SECTRACK-1016591
SECTRACK-1016592
BID-19178
http://xforce.iss.net/xforce/alerts/id/230
http://www.securityfocus.com/archive/1/archive/1/441278/100/0/threaded
SECUNIA-21219
ADV-2006-2996
http://www.nsfocus.com/english/homepage/research/0607.htm
https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630
pam-smb-mailslot-dos(27965)

CPE    11
cpe:/a:iss:realsecure_server_sensor:7.0
cpe:/a:iss:blackice_pc_protection:3.6cpk
cpe:/a:iss:blackice_server_protection:3.6cpk
cpe:/a:iss:realsecure_network:7.0
...
CWE    1
CWE-399

© SecPod Technologies