Vulnerability Name:

CVE-2006-2371 (CCN-26814)

Assigned:2006-06-13
Published:2006-06-13
Updated:2019-04-30
Summary:Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Jun 13 2006 - 12:38:50 CDT
High Risk Vulnerability in Microsoft Windows RASMAN Service

Source: MITRE
Type: CNA
CVE-2006-2371

Source: CCN
Type: SA20630
Microsoft Windows Routing and Remote Access Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
20630

Source: SREASON
Type: UNKNOWN
1096

Source: CCN
Type: SECTRACK ID: 1016285
Windows Routing and Remote Access Service RPC Buffer Overflows Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016285

Source: CCN
Type: ASA-2006-126
Windows Security Updates for June 2006 - (MS06-021 - MS06-032)

Source: CCN
Type: Microsoft Knowledge Base Article 911280
MS06-025: Vulnerability in Routing and Remote Access could allow remote code execution

Source: CCN
Type: US-CERT VU#814644
Microsoft Remote Access Connection Manager service vulnerable to buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#814644

Source: CCN
Type: Microsoft Security Bulletin MS06-025
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

Source: CCN
Type: Microsoft Security Bulletin MS09-069
Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

Source: OSVDB
Type: UNKNOWN
26436

Source: CCN
Type: OSVDB ID: 26436
Microsoft Windows RASMAN RPC Request Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20060613 High Risk Vulnerability in Microsoft Windows RASMAN Service

Source: BID
Type: Patch
18358

Source: CCN
Type: BID-18358
Microsoft Windows Routing and Remote Access RASMAN Registry Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA06-164A

Source: VUPEN
Type: UNKNOWN
ADV-2006-2323

Source: MS
Type: UNKNOWN
MS06-025

Source: XF
Type: UNKNOWN
win-rras-rasman-bo(26814)

Source: XF
Type: UNKNOWN
win-rras-rasman-bo(26814)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1674

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1846

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1851

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1857

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1907

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1983

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1674
    V
    RASMAN Registry Corruption Vulnerability (64-bit XP)
    2011-05-16
    oval:org.mitre.oval:def:1907
    V
    RASMAN Registry Corruption Vulnerability (XP,SP1)
    2011-05-16
    oval:org.mitre.oval:def:1846
    V
    RASMAN Registry Corruption Vulnerability (XP,SP2)
    2011-05-16
    oval:org.mitre.oval:def:1983
    V
    RASMAN Registry Corruption Vulnerability (WinS03)
    2011-05-16
    oval:org.mitre.oval:def:1851
    V
    RASMAN Registry Corruption Vulnerability (S03,SP1)
    2011-05-16
    oval:org.mitre.oval:def:1857
    V
    RASMAN Registry Corruption Vulnerability (Win2K)
    2011-05-16
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2003 server datacenter_edition
    microsoft windows 2003 server datacenter_edition sp1
    microsoft windows 2003 server datacenter_edition_64-bit
    microsoft windows 2003 server datacenter_edition_64-bit sp1
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server enterprise_edition sp1
    microsoft windows 2003 server enterprise_edition_64-bit
    microsoft windows 2003 server enterprise_edition_64-bit sp1
    microsoft windows 2003 server r2
    microsoft windows 2003 server sp1
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard sp1
    microsoft windows 2003 server standard_64-bit
    microsoft windows 2003 server web
    microsoft windows 2003 server web sp1
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows 2003 *