ID CVE-2006-1315
Summary The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
References
Vulnerable Configurations
  • Microsoft server_service
    cpe:2.3:a:microsoft:server_service
CVSS
Base: 5.0 (as of 12-07-2006 - 11:30)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
exploit-db via4
description MS Windows Mailslot Ring0 Memory Corruption Exploit (MS06-035). CVE-2006-1314,CVE-2006-1315,CVE-2006-3942. Dos exploit for windows platform
file exploits/windows/dos/2057.c
id EDB-ID:2057
last seen 2016-01-31
modified 2006-07-21
platform windows
port
published 2006-07-21
reporter cocoruder
source https://www.exploit-db.com/download/2057/
title Microsoft Windows - Mailslot Ring0 Memory Corruption Exploit MS06-035
type dos
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-035.NASL
    description The remote host is vulnerable to heap overflow in the 'Server' service that could allow an attacker to execute arbitrary code on the remote host with the 'System' privileges. In addition to this, the remote host is also vulnerable to an information disclosure attack in SMB that could allow an attacker to obtain portions of the memory of the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22029
    published 2006-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22029
    title MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-063.NASL
    description The remote host has a memory corruption vulnerability in the 'Server' service that could allow an attacker to perform a denial of service against the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22536
    published 2006-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22536
    title MS06-063: Vulnerability in Server Service Could Allow Denial of Service (923414)
  • NASL family Windows
    NASL id SMB_KB917159.NASL
    description The remote host is vulnerable to heap overflow in the 'Server' service that may allow an attacker to execute arbitrary code on the remote host with 'SYSTEM' privileges. In addition to this, the remote host is also affected by an information disclosure vulnerability in SMB that may allow an attacker to obtain portions of the memory of the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22034
    published 2006-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22034
    title MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)
oval via4
accepted 2011-05-09T04:01:29.780-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP1 (32-bit) is installed
    oval oval:org.mitre.oval:def:1
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
description The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
family windows
id oval:org.mitre.oval:def:3
status accepted
submitted 2006-07-25T12:05:33
title SMB Information Disclosure Vulnerability
version 40
refmap via4
bid 18891
bugtraq 20060711 SMB Information Disclosure Vulnerability
cert-vn VU#333636
ms MS06-035
osvdb 27155
sectrack 1016467
secunia 21007
vupen ADV-2006-2753
xf win-smb-information-disclosure(26820)
Last major update 07-03-2011 - 21:32
Published 11-07-2006 - 17:05
Last modified 18-10-2018 - 12:32