Vulnerability CVE-2006-2370

Vulnerability Name:

CVE-2006-2370 (CCN-26812)

Assigned:

2006-06-13

Published:

2006-06-13

Updated:

2019-04-30

Summary:

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-2370

Source: CCN
Type: SA20630
Microsoft Windows Routing and Remote Access Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
20630

Source: CCN
Type: SECTRACK ID: 1016285
Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016285

Source: CCN
Type: ASA-2006-126
Windows Security Updates for June 2006 - (MS06-021 - MS06-032)

Source: CCN
Type: Microsoft Knowledge Base Article 911280
MS06-025: Vulnerability in Routing and Remote Access could allow remote code execution

Source: CCN
Type: US-CERT VU#631516
Microsoft Routing and Remote Access does not properly handle RPC requests

Source: CERT-VN
Type: US Government Resource
VU#631516

Source: CCN
Type: Microsoft Security Bulletin MS06-025
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

Source: CCN
Type: Microsoft Security Bulletin MS09-069
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Source: OSVDB
Type: Patch
26437

Source: CCN
Type: OSVDB ID: 26437
Microsoft Windows RRAS RASMAN Remote Overflow

Source: BID
Type: Patch
18325

Source: CCN
Type: BID-18325
Microsoft Windows Routing and Remote Access Remote Code Execution Vulnerability

Source: CCN
Type: BID-18424
Microsoft Windows Routing and Remote Access Unspecified Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA06-164A

Source: VUPEN
Type: UNKNOWN
ADV-2006-2323

Source: MS
Type: UNKNOWN
MS06-025

Source: XF
Type: UNKNOWN
win-rras-bo(26812)

Source: XF
Type: UNKNOWN
win-rras-bo(26812)

Source: CCN
Type: NMAP Web site
File smb-vuln-ms06-025

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1587

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1720

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1741

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1823

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1936

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2061

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_xp::sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:::itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:::x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1587	V	RRAS Memory Corruption Vulnerability (64-bit XP)	2011-05-16
oval:org.mitre.oval:def:1936	V	RRAS Memory Corruption Vulnerability (S03,SP1)	2011-05-16
oval:org.mitre.oval:def:1720	V	RRAS Memory Corruption Vulnerability (WinS03)	2011-05-16
oval:org.mitre.oval:def:2061	V	RRAS Memory Corruption Vulnerability (WinXP,SP1)	2011-05-16
oval:org.mitre.oval:def:1741	V	RRAS Memory Corruption Vulnerability (Win2K)	2011-05-16
oval:org.mitre.oval:def:1823	V	RRAS Memory Corruption Vulnerability (WinXP,SP2)	2011-05-16

BACK