certfr_avis - certa-2006-avi-443

CERTA-2006-AVI-443

Vulnerability from certfr_avis

Il existe dans le service Serveur une vulnérabilité pouvant provoquer un déni de service.

Description

Le service Serveur permet de partager des ressources locales (disques, imprimantes) afin que les autres utilisateurs du réseau puissent y avoir accès. Il permet également une communication par canal nommé (named pipe) entre les applications s'exécutant sur différents ordinateurs. Cette vulnérabilité est due au mode de gestion de certains messages réseau. Un attaquant pourrait exploiter cette vulnérabilité en envoyant un paquet réseau spécialement conçu à un ordinateur vulnérable exécutant le service Serveur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Service Pack 1 et Microsoft Windows XP Service Pack 2 ;
Microsoft	N/A	Server 2003 avec SP1 pour les systèmes Itanium ;
Microsoft	Windows	Microsoft Windows XP Professionnel Édition x6 ;
Microsoft	Windows	Microsoft Windows Server 2003 Édition x64.
Microsoft	Windows	Microsoft Windows Server 2003 et Microsoft Windows Server 2003 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour les systèmes Itanium et Microsoft Windows ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

CVE-2006-3942 (GCVE-0-2006-3942)

Vulnerability from cvelistv5

Published

2006-07-31 23:00

Modified

2024-08-07 18:48

Severity ?

CWE

Summary

The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.

References

URL

Tags

	http://xforce.iss.net/xforce/alerts/id/231	third-party-advisory, x_refsource_ISS
	http://www.vupen.com/english/advisories/2006/3037	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/449179/100/0/threaded	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/443287/100/200/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/19215	vdb-entry, x_refsource_BID
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063	vendor-advisory, x_refsource_MS
	http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10	x_refsource_MISC
	http://securitytracker.com/id?1016606	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/21276	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1017035	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/449179/100/0/threaded	vendor-advisory, x_refsource_HP
	http://www.osvdb.org/27644	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/27999	vdb-entry, x_refsource_XF
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A428	vdb-entry, signature, x_refsource_OVAL
	http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060728 Vulnerability in Server Driver could result in Denial of Service",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://xforce.iss.net/xforce/alerts/id/231"
          },
          {
            "name": "ADV-2006-3037",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3037"
          },
          {
            "name": "SSRT061264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "20060814 CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443287/100/200/threaded"
          },
          {
            "name": "19215",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19215"
          },
          {
            "name": "MS06-063",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/common/showdoc.php?idx=562\u0026idxseccion=10"
          },
          {
            "name": "1016606",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016606"
          },
          {
            "name": "21276",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21276"
          },
          {
            "name": "1017035",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017035"
          },
          {
            "name": "HPSBST02161",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "27644",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27644"
          },
          {
            "name": "smb-malformed-pipe(27999)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27999"
          },
          {
            "name": "oval:org.mitre.oval:def:428",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A428"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an \"SMB PIPE,\" aka the \"Mailslot DOS\" vulnerability.  NOTE: the name \"Mailslot DOS\" was derived from incomplete initial research; the vulnerability is not associated with a mailslot."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060728 Vulnerability in Server Driver could result in Denial of Service",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://xforce.iss.net/xforce/alerts/id/231"
        },
        {
          "name": "ADV-2006-3037",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3037"
        },
        {
          "name": "SSRT061264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "20060814 CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443287/100/200/threaded"
        },
        {
          "name": "19215",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19215"
        },
        {
          "name": "MS06-063",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/common/showdoc.php?idx=562\u0026idxseccion=10"
        },
        {
          "name": "1016606",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016606"
        },
        {
          "name": "21276",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21276"
        },
        {
          "name": "1017035",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017035"
        },
        {
          "name": "HPSBST02161",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "27644",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27644"
        },
        {
          "name": "smb-malformed-pipe(27999)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27999"
        },
        {
          "name": "oval:org.mitre.oval:def:428",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A428"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3942",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an \"SMB PIPE,\" aka the \"Mailslot DOS\" vulnerability.  NOTE: the name \"Mailslot DOS\" was derived from incomplete initial research; the vulnerability is not associated with a mailslot."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060728 Vulnerability in Server Driver could result in Denial of Service",
              "refsource": "ISS",
              "url": "http://xforce.iss.net/xforce/alerts/id/231"
            },
            {
              "name": "ADV-2006-3037",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3037"
            },
            {
              "name": "SSRT061264",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "20060814 CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443287/100/200/threaded"
            },
            {
              "name": "19215",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19215"
            },
            {
              "name": "MS06-063",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063"
            },
            {
              "name": "http://www.coresecurity.com/common/showdoc.php?idx=562\u0026idxseccion=10",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/common/showdoc.php?idx=562\u0026idxseccion=10"
            },
            {
              "name": "1016606",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016606"
            },
            {
              "name": "21276",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21276"
            },
            {
              "name": "1017035",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017035"
            },
            {
              "name": "HPSBST02161",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "27644",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27644"
            },
            {
              "name": "smb-malformed-pipe(27999)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27999"
            },
            {
              "name": "oval:org.mitre.oval:def:428",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A428"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3942",
    "datePublished": "2006-07-31T23:00:00",
    "dateReserved": "2006-07-31T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted