CVE-2006-3942

Properties

Published:
30.07.2006
Updated:
18.10.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)
    Product:
    Microsoft: Windows XP
    Microsoft: Windows XP
    Microsoft: Windows XP
    Microsoft: Windows Server 2003
    Microsoft: Windows Server 2003

    Vulnerability description

    The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an"SMB PIPE,"aka the"Mailslot DOS"vulnerability.  NOTE: the name"Mailslot DOS"was derived from incomplete initial research; the vulnerability is not associated with a mailslot.

    References:

    ISS: http://xforce.iss.net/xforce/alerts/id/231
    http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx: http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx
    http://www.milw0rm.com//exploits/2057: http://www.milw0rm.com//exploits/2057
    BID: http://www.securityfocus.com/bid/19215
    XF: http://xforce.iss.net/xforce/xfdb/27999
    FRSIRT: http://www.frsirt.com/english/advisories/2006/3037
    SECTRACK: http://securitytracker.com/id?1016606
    SECUNIA: http://secunia.com/advisories/21276
    OSVDB: http://www.osvdb.org/27644
    MS: http://www.microsoft.com/technet/security/Bulletin/MS06-063.mspx
    http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10: http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10
    SECTRACK: http://securitytracker.com/id?1017035