ID CVE-2006-1315
Summary The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:server_service:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:server_service:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2018 - 16:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2011-05-09T04:01:29.780-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP1 (32-bit) is installed
    oval oval:org.mitre.oval:def:1
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
description The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
family windows
id oval:org.mitre.oval:def:3
status accepted
submitted 2006-07-25T12:05:33
title SMB Information Disclosure Vulnerability
version 46
refmap via4
bid 18891
bugtraq 20060711 SMB Information Disclosure Vulnerability
cert-vn VU#333636
osvdb 27155
sectrack 1016467
secunia 21007
vupen ADV-2006-2753
xf win-smb-information-disclosure(26820)
Last major update 18-10-2018 - 16:32
Published 11-07-2006 - 21:05
Last modified 18-10-2018 - 16:32
Back to Top