certfr_avis - certa-2006-avi-244

CERTA-2006-AVI-244

Vulnerability from certfr_avis

None

Description

Des vulnérabilités ont été identifiées dans le service RRAS inclu dans plusieurs versions de Microsoft Windows. Le service RAS (pour Remote Access Service) est fourni par le système d'exploitation pour offrir aux utilisateurs un moyen de se connecter à d'autres machines via des connexions RNIS (téléphonie) ou X.25. Le service étendu RRAS (pour Routing and Remote Access Service) permet aussi de transformer une machine en un routeur.

Le service ne vérifie pas correctement certaines allocations de mémoire. Un utilisateur malveillant peut s'appuyer sur celles-ci pour exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft XP Service Pack 1 et Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 et Microsoft Windows Server 2003 Service Pack 1 (incluant les versions x64 Edition et Itanium).
Microsoft	Windows	Microsoft 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 13 juin 2006	None	vendor-advisory
Bulletin de sécurité Microsoft MS06-025 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-025 du 13 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft XP Service Pack 1 et Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 et Microsoft Windows Server 2003 Service Pack 1 (incluant les versions x64 Edition et Itanium).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le service RRAS inclu dans\nplusieurs versions de Microsoft Windows. Le service RAS (pour Remote\nAccess Service) est fourni par le syst\u00e8me d\u0027exploitation pour offrir aux\nutilisateurs un moyen de se connecter \u00e0 d\u0027autres machines via des\nconnexions RNIS (t\u00e9l\u00e9phonie) ou X.25. Le service \u00e9tendu RRAS (pour\nRouting and Remote Access Service) permet aussi de transformer une\nmachine en un routeur.\n\nLe service ne v\u00e9rifie pas correctement certaines allocations de m\u00e9moire.\nUn utilisateur malveillant peut s\u0027appuyer sur celles-ci pour ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2370"
    },
    {
      "name": "CVE-2006-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2371"
    }
  ],
  "initial_release_date": "2006-06-14T00:00:00",
  "last_revision_date": "2006-06-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-025 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/france/technet/securite/MS06-025.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-025 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-025.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans RRAS de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 juin 2006",
      "url": null
    }
  ]
}

CVE-2006-2370 (GCVE-0-2006-2370)

Vulnerability from cvelistv5

Published

2006-06-13 19:00

Modified

2024-08-07 17:51

Severity ?

CWE

Summary

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/26812	vdb-entry, x_refsource_XF
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025	vendor-advisory, x_refsource_MS
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2006/2323	vdb-entry, x_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	third-party-advisory, x_refsource_CERT
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741	vdb-entry, signature, x_refsource_OVAL
	http://www.osvdb.org/26437	vdb-entry, x_refsource_OSVDB
	http://securitytracker.com/id?1016285	vdb-entry, x_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/631516	third-party-advisory, x_refsource_CERT-VN
	http://secunia.com/advisories/20630	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/18325	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823	vdb-entry, signature, x_refsource_OVAL

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:03.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "win-rras-bo(26812)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26812"
          },
          {
            "name": "MS06-025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
          },
          {
            "name": "oval:org.mitre.oval:def:1720",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720"
          },
          {
            "name": "oval:org.mitre.oval:def:1587",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587"
          },
          {
            "name": "oval:org.mitre.oval:def:1936",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936"
          },
          {
            "name": "ADV-2006-2323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2323"
          },
          {
            "name": "TA06-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1741",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741"
          },
          {
            "name": "26437",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26437"
          },
          {
            "name": "1016285",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016285"
          },
          {
            "name": "VU#631516",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/631516"
          },
          {
            "name": "20630",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20630"
          },
          {
            "name": "18325",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18325"
          },
          {
            "name": "oval:org.mitre.oval:def:2061",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061"
          },
          {
            "name": "oval:org.mitre.oval:def:1823",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted \"RPC related requests,\" aka the \"RRAS Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "win-rras-bo(26812)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26812"
        },
        {
          "name": "MS06-025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
        },
        {
          "name": "oval:org.mitre.oval:def:1720",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720"
        },
        {
          "name": "oval:org.mitre.oval:def:1587",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587"
        },
        {
          "name": "oval:org.mitre.oval:def:1936",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936"
        },
        {
          "name": "ADV-2006-2323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2323"
        },
        {
          "name": "TA06-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1741",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741"
        },
        {
          "name": "26437",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26437"
        },
        {
          "name": "1016285",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016285"
        },
        {
          "name": "VU#631516",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/631516"
        },
        {
          "name": "20630",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20630"
        },
        {
          "name": "18325",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18325"
        },
        {
          "name": "oval:org.mitre.oval:def:2061",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061"
        },
        {
          "name": "oval:org.mitre.oval:def:1823",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-2370",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted \"RPC related requests,\" aka the \"RRAS Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "win-rras-bo(26812)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26812"
            },
            {
              "name": "MS06-025",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
            },
            {
              "name": "oval:org.mitre.oval:def:1720",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720"
            },
            {
              "name": "oval:org.mitre.oval:def:1587",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587"
            },
            {
              "name": "oval:org.mitre.oval:def:1936",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936"
            },
            {
              "name": "ADV-2006-2323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2323"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1741",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741"
            },
            {
              "name": "26437",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26437"
            },
            {
              "name": "1016285",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016285"
            },
            {
              "name": "VU#631516",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/631516"
            },
            {
              "name": "20630",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20630"
            },
            {
              "name": "18325",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18325"
            },
            {
              "name": "oval:org.mitre.oval:def:2061",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061"
            },
            {
              "name": "oval:org.mitre.oval:def:1823",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-2370",
    "datePublished": "2006-06-13T19:00:00",
    "dateReserved": "2006-05-15T00:00:00",
    "dateUpdated": "2024-08-07T17:51:03.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2371 (GCVE-0-2006-2371)

Vulnerability from cvelistv5

Published

2006-06-13 19:00

Modified

2024-08-07 17:51

Severity ?

CWE

Summary

Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."

References

URL

Tags

	http://securityreason.com/securityalert/1096	third-party-advisory, x_refsource_SREASON
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025	vendor-advisory, x_refsource_MS
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1983	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2006/2323	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/436977/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	third-party-advisory, x_refsource_CERT
	http://www.osvdb.org/26436	vdb-entry, x_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1674	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1907	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1851	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1857	vdb-entry, signature, x_refsource_OVAL
	http://securitytracker.com/id?1016285	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/20630	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/26814	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/18358	vdb-entry, x_refsource_BID
	http://www.kb.cert.org/vuls/id/814644	third-party-advisory, x_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1846	vdb-entry, signature, x_refsource_OVAL

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1096",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1096"
          },
          {
            "name": "MS06-025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
          },
          {
            "name": "oval:org.mitre.oval:def:1983",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1983"
          },
          {
            "name": "ADV-2006-2323",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2323"
          },
          {
            "name": "20060613 High Risk Vulnerability in Microsoft Windows RASMAN Service",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436977/100/0/threaded"
          },
          {
            "name": "TA06-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "26436",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26436"
          },
          {
            "name": "oval:org.mitre.oval:def:1674",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1674"
          },
          {
            "name": "oval:org.mitre.oval:def:1907",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1907"
          },
          {
            "name": "oval:org.mitre.oval:def:1851",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1851"
          },
          {
            "name": "oval:org.mitre.oval:def:1857",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1857"
          },
          {
            "name": "1016285",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016285"
          },
          {
            "name": "20630",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20630"
          },
          {
            "name": "win-rras-rasman-bo(26814)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26814"
          },
          {
            "name": "18358",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18358"
          },
          {
            "name": "VU#814644",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/814644"
          },
          {
            "name": "oval:org.mitre.oval:def:1846",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1846"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted \"RPC related requests,\" that lead to registry corruption and stack corruption, aka the \"RASMAN Registry Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1096",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1096"
        },
        {
          "name": "MS06-025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
        },
        {
          "name": "oval:org.mitre.oval:def:1983",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1983"
        },
        {
          "name": "ADV-2006-2323",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2323"
        },
        {
          "name": "20060613 High Risk Vulnerability in Microsoft Windows RASMAN Service",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436977/100/0/threaded"
        },
        {
          "name": "TA06-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
        },
        {
          "name": "26436",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26436"
        },
        {
          "name": "oval:org.mitre.oval:def:1674",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1674"
        },
        {
          "name": "oval:org.mitre.oval:def:1907",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1907"
        },
        {
          "name": "oval:org.mitre.oval:def:1851",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1851"
        },
        {
          "name": "oval:org.mitre.oval:def:1857",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1857"
        },
        {
          "name": "1016285",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016285"
        },
        {
          "name": "20630",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20630"
        },
        {
          "name": "win-rras-rasman-bo(26814)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26814"
        },
        {
          "name": "18358",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18358"
        },
        {
          "name": "VU#814644",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/814644"
        },
        {
          "name": "oval:org.mitre.oval:def:1846",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1846"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-2371",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted \"RPC related requests,\" that lead to registry corruption and stack corruption, aka the \"RASMAN Registry Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1096",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1096"
            },
            {
              "name": "MS06-025",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025"
            },
            {
              "name": "oval:org.mitre.oval:def:1983",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1983"
            },
            {
              "name": "ADV-2006-2323",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2323"
            },
            {
              "name": "20060613 High Risk Vulnerability in Microsoft Windows RASMAN Service",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436977/100/0/threaded"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "26436",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26436"
            },
            {
              "name": "oval:org.mitre.oval:def:1674",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1674"
            },
            {
              "name": "oval:org.mitre.oval:def:1907",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1907"
            },
            {
              "name": "oval:org.mitre.oval:def:1851",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1851"
            },
            {
              "name": "oval:org.mitre.oval:def:1857",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1857"
            },
            {
              "name": "1016285",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016285"
            },
            {
              "name": "20630",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20630"
            },
            {
              "name": "win-rras-rasman-bo(26814)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26814"
            },
            {
              "name": "18358",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18358"
            },
            {
              "name": "VU#814644",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/814644"
            },
            {
              "name": "oval:org.mitre.oval:def:1846",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1846"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-2371",
    "datePublished": "2006-06-13T19:00:00",
    "dateReserved": "2006-05-15T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTA-2006-AVI-244

Vulnerability from certfr_avis

Description

Solution

CVE-2006-2370 (GCVE-0-2006-2370)

Vulnerability from cvelistv5

CVE-2006-2371 (GCVE-0-2006-2371)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature