| Vulnerability Name: | CVE-2006-3942 (CCN-27999) | ||||||||
| Assigned: | 2006-07-28 | ||||||||
| Published: | 2006-07-28 | ||||||||
| Updated: | 2018-10-17 | ||||||||
| Summary: | The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. Note: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot. | ||||||||
| CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
6.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: Microsoft Security Response Center Blog, Friday, July 28, 2006 9:22 PM Information About Public Postings Related to MS06-035 Source: MISC Type: UNKNOWN http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx Source: MITRE Type: CNA CVE-2006-3942 Source: CCN Type: SA21276 Microsoft Windows Server Service DoS and Privilege Escalation Source: SECUNIA Type: Vendor Advisory 21276 Source: CCN Type: SECTRACK ID: 1016606 Windows Server Service Null Pointer Comparison Lets Remote Users Deny Service Source: SECTRACK Type: UNKNOWN 1016606 Source: CCN Type: SECTRACK ID: 1017035 Windows Server Service SMB Rename Null Pointer Dereference Lets Remote Users Deny Service Source: SECTRACK Type: UNKNOWN 1017035 Source: CCN Type: ASA-2006-217 Windows Security Updates for October 2006 - (MS06-056 - MS06-065) Source: CCN Type: Microsoft Security Bulletin MS15-083 Vulnerability in Server Message Block Could Allow Remote Code Execution (3073921) Source: CCN Type: Microsoft Security Bulletin MS16-114 Security Update for Windows SMBv1 Server (3185879) Source: CCN Type: Microsoft Security Bulletin MS17-010 Security Update for Windows SMB Server (4013389) Source: CCN Type: Core Security Technologies Advisory CORE-2006-0714 Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service Source: MISC Type: UNKNOWN http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10 Source: CCN Type: Microsoft Security Bulletin MS06-063 Vulnerability in Server Service Could Allow Denial of Service (923414) Source: CCN Type: Microsoft Security Bulletin MS08-063 Vulnerability in SMB Could Allow Remote Code Execution (957095) Source: CCN Type: Microsoft Security Bulletin MS09-001 Vulnerabilities in SMB Could Allow Remote Code Execution (958687) Source: CCN Type: Microsoft Security Bulletin MS10-012 Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) Source: CCN Type: Microsoft Security Bulletin MS10-054 Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) Source: CCN Type: Microsoft Security Bulletin MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution (2508429) Source: OSVDB Type: UNKNOWN 27644 Source: CCN Type: OSVDB ID: 27644 Microsoft Windows Server Driver (srv.sys) Crafted SMB Packet NULL Dereference DoS Source: BUGTRAQ Type: UNKNOWN 20060814 CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service Source: HP Type: UNKNOWN SSRT061264 Source: BID Type: UNKNOWN 19215 Source: CCN Type: BID-19215 Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2006-3037 Source: CCN Type: Internet Security Systems Protection Advisory July 28, 2006 Vulnerability in Server Driver could result in Denial of Service Source: ISS Type: UNKNOWN 20060728 Vulnerability in Server Driver could result in Denial of Service Source: MS Type: UNKNOWN MS06-063 Source: XF Type: UNKNOWN smb-malformed-pipe(27999) Source: XF Type: UNKNOWN smb-malformed-pipe(27999) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:428 Source: CCN Type: Rapid7 Vulnerability and Exploit Database [05-30-2018] Microsoft SRV.SYS Pipe Transaction No Null | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||