CVE-2006-3439 - OpenCVE

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Xp Windows 2000 Windows 2003 Server

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
	cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:itanium:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium:::::
	cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

References

Link	Resource
http://secunia.com/advisories/21388	Patch Vendor Advisory
http://securitytracker.com/id?1016667
http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html
http://www.dhs.gov/dhspublic/display?content=5789
http://www.kb.cert.org/vuls/id/650769	Patch US Government Resource
http://www.securityfocus.com/bid/19409
http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch US Government Resource
http://www.vupen.com/english/advisories/2006/3210
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040
https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2006-08-09T01:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2006-07-07T00:00:00

Link: CVE-2006-3439

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-09T01:04:00.000

Modified: 2018-10-12T21:40:34.057

Link: CVE-2006-3439

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.dhs.gov/dhspublic/display?content=5789"}, {"name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"}, {"name": "MS06-040", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"}, {"name": "VU#650769", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/650769"}, {"name": "1016667", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016667"}, {"name": "19409", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19409"}, {"name": "TA06-220A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "oval:org.mitre.oval:def:492", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"}, {"name": "ms-server-service-bo(28002)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"}, {"name": "ADV-2006-3210", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3210"}, {"name": "21388", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21388"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.dhs.gov/dhspublic/display?content=5789", "refsource": "MISC", "url": "http://www.dhs.gov/dhspublic/display?content=5789"}, {"name": "20060814 Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"}, {"name": "MS06-040", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"}, {"name": "VU#650769", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/650769"}, {"name": "1016667", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016667"}, {"name": "19409", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19409"}, {"name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "oval:org.mitre.oval:def:492", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"}, {"name": "ms-server-service-bo(28002)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"}, {"name": "ADV-2006-3210", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3210"}, {"name": "21388", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21388"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3439", "datePublished": "2006-08-09T01:00:00", "dateReserved": "2006-07-07T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*", "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en Server Service en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto, incluidos usuario an\u00f3nimos, ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de mensajes RPC manipulados, una vulnerabilidad diferente que CVE-2006-1314."}], "id": "CVE-2006-3439", "lastModified": "2018-10-12T21:40:34.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-09T01:04:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21388"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016667"}, {"source": "secure@microsoft.com", "url": "http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response09186a008070c75a.html"}, {"source": "secure@microsoft.com", "url": "http://www.dhs.gov/dhspublic/display?content=5789"}, {"source": "secure@microsoft.com", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/650769"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/19409"}, {"source": "secure@microsoft.com", "tags": ["Patch", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/3210"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-040"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28002"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A492"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}