| Vulnerability Name: | CVE-2006-3441 (CCN-24586) | ||||||||
| Assigned: | 2006-08-08 | ||||||||
| Published: | 2006-08-08 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. Note: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3441 Source: CCN Type: SA21394 Windows DNS Resolution Code Execution Vulnerabilities Source: SECUNIA Type: UNKNOWN 21394 Source: CCN Type: SECTRACK ID: 1016653 Windows Winsock and DNS Client Buffer Overflows Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016653 Source: CCN Type: Internet Security Systems Protection Advisory August 8, 2006 Microsoft DNS Client ATMA Buffer Overflow Vulnerability Source: CCN Type: US-CERT VU#794580 Microsoft DNS Client buffer overflow Source: CERT-VN Type: Patch, US Government Resource VU#794580 Source: CCN Type: Microsoft Security Bulletin MS06-041 Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683) Source: OSVDB Type: UNKNOWN 27844 Source: CCN Type: OSVDB ID: 27844 Microsoft Windows DNS Client Service Record Response Overflow Source: BID Type: UNKNOWN 19404 Source: CCN Type: BID-19404 Microsoft Windows DNS Client Buffer Overrun Vulnerability Source: CERT Type: Patch, US Government Resource TA06-220A Source: VUPEN Type: UNKNOWN ADV-2006-3211 Source: ISS Type: UNKNOWN 20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability Source: ISS Type: UNKNOWN 20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability Source: ISS Type: UNKNOWN 20060808 Microsoft DNS Client Integer Overflow Vulnerability Source: MS Type: UNKNOWN MS06-041 Source: XF Type: UNKNOWN dns-rrdatalen-underflow(24586) Source: XF Type: UNKNOWN dns-rrdatalen-underflow(24586) Source: XF Type: UNKNOWN win-dns-client-bo(28013) Source: XF Type: UNKNOWN dns-data-string-bo(28240) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:723 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2006-3441 (CCN-28013) | ||||||||
| Assigned: | 2006-08-08 | ||||||||
| Published: | 2006-08-08 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. Note: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3441 Source: CCN Type: SA21394 Windows DNS Resolution Code Execution Vulnerabilities Source: CCN Type: SECTRACK ID: 1016653 Windows Winsock and DNS Client Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: ASA-2006-154 Windows Security Updates for August 2006 - (MS06-040 - MS06-051) Source: CCN Type: Internet Security Systems Protection Advisory August 8, 2006 Microsoft DNS Client Integer Overflow Vulnerability Source: CCN Type: US-CERT VU#794580 Microsoft DNS Client buffer overflow Source: CCN Type: Microsoft Security Bulletin MS06-041 Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683) Source: CCN Type: OSVDB ID: 27844 Microsoft Windows DNS Client Service Record Response Overflow Source: CCN Type: BID-19404 Microsoft Windows DNS Client Buffer Overrun Vulnerability Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-220A Microsoft Windows, Office, and Internet Explorer Vulnerabilities Source: XF Type: UNKNOWN win-dns-client-bo(28013) | ||||||||
| Vulnerability Name: | CVE-2006-3441 (CCN-28240) | ||||||||
| Assigned: | 2006-08-08 | ||||||||
| Published: | 2006-08-08 | ||||||||
| Updated: | 2006-08-08 | ||||||||
| Summary: | Microsoft DNS client software is vulnerable to a heap-based buffer overflow, caused by improper bounds checking of DNS packets. By sending a malicious DNS response to any valid DNS query by the client, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges used when the DNS client was invoked.
To exploit this vulnerability, the attacker needs to either entice a victim to query a specific DNS server, or to sniff network traffic and send DNS responses to questions a client has asked of another DNS server. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3441 Source: CCN Type: SA21394 Windows DNS Resolution Code Execution Vulnerabilities Source: CCN Type: SECTRACK ID: 1016653 Windows Winsock and DNS Client Buffer Overflows Let Remote Users Execute Arbitrary Code Source: CCN Type: Internet Security Systems Protection Advisory August 8, 2006 Microsoft DNS Client Character String Buffer Overflow Vulnerability Source: CCN Type: US-CERT VU#794580 Microsoft DNS Client buffer overflow Source: CCN Type: Microsoft Security Bulletin MS06-041 Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683) Source: CCN Type: OSVDB ID: 27844 Microsoft Windows DNS Client Service Record Response Overflow Source: CCN Type: BID-19404 Microsoft Windows DNS Client Buffer Overrun Vulnerability Source: XF Type: UNKNOWN dns-data-string-bo(28240) | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||