
CVE-2009-3676
Date: (C)2009-11-13   (M)2023-12-22


The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 8.6
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1023179
20091111
http://seclists.org/fulldisclosure/2009/Nov/134
SECUNIA-37347
ADV-2009-3216
MS10-020
TA10-103A
http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
http://news.cnet.com/8301-27080_3-10395891-245.html
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://secunia.com/blog/66/
http://www.microsoft.com/technet/security/advisory/977544.mspx
oval:org.mitre.oval:def:7186

CPE    2
cpe:/o:microsoft:windows_server_2008:r2
cpe:/o:microsoft:windows_7
CWE    1
CWE-399
OVAL    2
oval:org.mitre.oval:def:7186
oval:org.secpod.oval:def:1584

© SecPod Technologies