Vulnerability Name:

CVE-2006-3840 (CCN-27965)

Assigned: 2006-07-26
Published: 2006-07-26
Updated: 2018-10-17
Summary: The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Wed Jul 26 2006 - 23:16:03 CDT
NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability

Source: MITRE
Type: CNA
CVE-2006-3840

Source: CCN
Type: SA21219
RealSecure/BlackICE MailSlot Overflow Detection Denial of Service

Source: SECUNIA
Type: Vendor Advisory
21219

Source: CCN
Type: SECTRACK ID: 1016590
BlackICE `SMB_MailSlot_Heap_Overflow Decode` Parsing Error Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016590

Source: CCN
Type: SECTRACK ID: 1016591
RealSecure `SMB_MailSlot_Heap_Overflow Decode` Parsing Error Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016591

Source: CCN
Type: SECTRACK ID: 1016592
Proventia `SMB_MailSlot_Heap_Overflow Decode` Parsing Error Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1016592

Source: CCN
Type: Internet Security Systems Web site
Downloads

Source: CCN
Type: NSFOCUS Web site
NSFOCUS

Source: MISC
Type: UNKNOWN
http://www.nsfocus.com/english/homepage/research/0607.htm

Source: CCN
Type: OSVDB ID: 27550
RealSecure/BlackICE MailSlot Overflow Detection Crafted Packet Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20060727 NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability

Source: BID
Type: UNKNOWN
19178

Source: CCN
Type: BID-19178
Internet Security Systems SMB Mailslot Parsing Denial of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-2996

Source: CCN
Type: Internet Security Systems Security Alert July 26, 2005
Protocol Parsing Bug in SMB Mailslot Parsing in ISS Products

Source: ISS
Type: Vendor Advisory
20060726 Protocol Parsing Bug in SMB Mailslot Parsing in ISS Products

Source: XF
Type: UNKNOWN
pam-smb-mailslot-dos(27965)

Source: CONFIRM
Type: UNKNOWN
https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:iss:blackice_pc_protection:3.6cpk:*:*:*:*:*:*:*
  • OR cpe:/a:iss:blackice_server_protection:3.6cpk:*:*:*:*:*:*:*
  • OR cpe:/a:iss:proventia_desktop:8.0.675.1790:*:*:*:*:*:*:*
  • OR cpe:/a:iss:proventia_desktop:8.0.812.1790:*:*:*:*:*:*:*
  • OR cpe:/a:iss:realsecure_desktop:7.0epk:*:*:*:*:*:*:*
  • OR cpe:/a:iss:realsecure_network:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:iss:realsecure_server_sensor:7.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/h:iss:proventia_a_series_xpu:*:*:*:*:*:*:*:*
  • OR cpe:/h:iss:proventia_g_series_xpu:*:*:*:*:*:*:*:*
  • OR cpe:/h:iss:proventia_m_series_xpu:*:*:*:*:*:*:*:*
  • OR cpe:/h:iss:proventia_server:1.0.914.1880:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:iss_realsecure_network:7.0:xpu_24.39:*:*:*:*:*:*
  • OR cpe:/a:ibm:iss_realsecure_server_sensor:7.0:xpu_24.39:*:*:*:*:*:*
  • OR cpe:/a:ibm:iss_proventia_server_ips_for_windows:1.0.914.1780:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:iss_realsecure_desktop:7.0:epj:*:*:*:*:*:*
  • OR cpe:/a:ibm:iss_proventia_desktop:1780:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:iss_blackice_pc_protection:3.6:epj:*:*:*:*:*:*
  • OR cpe:/a:ibm:iss_blackice_server_protection:3.6:epj:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    iss blackice pc protection 3.6cpk
    iss blackice server protection 3.6cpk
    iss proventia desktop 8.0.675.1790
    iss proventia desktop 8.0.812.1790
    iss realsecure desktop 7.0epk
    iss realsecure network 7.0
    iss realsecure server sensor 7.0
    iss proventia a series xpu *
    iss proventia g series xpu *
    iss proventia m series xpu *
    iss proventia server 1.0.914.1880
    ibm iss realsecure network 7.0 xpu_24.39
    ibm iss realsecure server sensor 7.0 xpu_24.39
    ibm iss proventia server ips for windows 1.0.914.1780
    ibm iss realsecure desktop 7.0 epj
    ibm iss proventia desktop 1780
    ibm iss blackice pc protection 3.6 epj
    ibm iss blackice server protection 3.6 epj