ID CVE-2006-2370
Summary Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-05-16T04:01:21.701-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1587
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RRAS Memory Corruption Vulnerability (64-bit XP)
    version 67
  • accepted 2011-05-16T04:01:39.629-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1720
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RRAS Memory Corruption Vulnerability (WinS03)
    version 68
  • accepted 2011-05-16T04:01:41.863-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1741
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RRAS Memory Corruption Vulnerability (Win2K)
    version 68
  • accepted 2011-05-16T04:01:53.995-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1823
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RRAS Memory Corruption Vulnerability (WinXP,SP2)
    version 68
  • accepted 2011-05-16T04:02:08.528-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1936
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RRAS Memory Corruption Vulnerability (S03,SP1)
    version 67
  • accepted 2011-05-16T04:02:21.573-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
    family windows
    id oval:org.mitre.oval:def:2061
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title RRAS Memory Corruption Vulnerability (WinXP,SP1)
    version 67
refmap via4
bid 18325
cert TA06-164A
cert-vn VU#631516
ms MS06-025
osvdb 26437
sectrack 1016285
secunia 20630
vupen ADV-2006-2323
xf win-rras-bo(26812)
saint via4
bid 18325
description Windows RRAS memory corruption vulnerability
id win_patch_rasman
osvdb 26437
title windows_rras
type remote
Last major update 30-04-2019 - 14:27
Published 13-06-2006 - 19:06
Back to Top