ID CVE-2006-2371
Summary Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Advanced Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_server
  • Microsoft Windows 2000 Professional SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:professional
  • Microsoft Windows 2000 Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:server
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:r2:-:datacenter_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:-:enterprise
  • cpe:2.3:o:microsoft:windows_2003_server:standard
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit
  • cpe:2.3:o:microsoft:windows_2003_server:web
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1
  • cpe:2.3:o:microsoft:windows_xp:-:64-bit
  • cpe:2.3:o:microsoft:windows_xp:-:home
  • cpe:2.3:o:microsoft:windows_xp:-:media_center
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • Microsoft Windows XP Service Pack 1 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp1:home
  • Microsoft Windows XP SP1 Media Center
    cpe:2.3:o:microsoft:windows_xp:-:sp1:media_center
  • Microsoft Windows XP Service Pack 2 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp2:home
  • Microsoft Windows XP SP2 Media Center
    cpe:2.3:o:microsoft:windows_xp:-:sp2:media_center
  • Microsoft Windows XP SP2 Tablet PC
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 7.5 (as of 14-06-2006 - 10:23)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Windows
    NASL id SMB_KB911280.NASL
    description The remote version of Windows contains a version of RRAS (Routing and Remote Access Service) that is affected by several memory corruption vulnerabilities. An attacker may exploit these flaws to execute code on the remote service.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 21696
    published 2006-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21696
    title MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) (uncredentialed check)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS06-025.NASL
    description The remote version of Windows contains a version of RRAS (Routing and Remote Access Service) that has several memory corruption vulnerabilities. An attacker may exploit these flaws to execute code on the remote service.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 21689
    published 2006-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21689
    title MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
oval via4
  • accepted 2011-05-16T04:01:33.364-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1674
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RASMAN Registry Corruption Vulnerability (64-bit XP)
    version 67
  • accepted 2011-05-16T04:01:57.733-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1846
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RASMAN Registry Corruption Vulnerability (XP,SP2)
    version 68
  • accepted 2011-05-16T04:01:58.869-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1851
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RASMAN Registry Corruption Vulnerability (S03,SP1)
    version 67
  • accepted 2011-05-16T04:01:59.168-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1857
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RASMAN Registry Corruption Vulnerability (Win2K)
    version 68
  • accepted 2011-05-16T04:02:03.080-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1907
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RASMAN Registry Corruption Vulnerability (XP,SP1)
    version 67
  • accepted 2011-05-16T04:02:13.339-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1983
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RASMAN Registry Corruption Vulnerability (WinS03)
    version 68
refmap via4
bid 18358
bugtraq 20060613 High Risk Vulnerability in Microsoft Windows RASMAN Service
cert TA06-164A
cert-vn VU#814644
ms MS06-025
osvdb 26436
sectrack 1016285
secunia 20630
sreason 1096
vupen ADV-2006-2323
xf win-rras-rasman-bo(26814)
saint via4
bid 18358
description Windows RASMAN registry corruption vulnerability
id win_patch_rasman
osvdb 26436
title windows_rasman_registry
type remote
Last major update 07-03-2011 - 21:36
Published 13-06-2006 - 15:06
Last modified 18-10-2018 - 12:39