CVE-2006-2374

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20635	Broken Link Third Party Advisory
http://securitytracker.com/id?1016288	Broken Link Third Party Advisory VDB Entry
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409	Not Applicable
http://www.osvdb.org/26439	Broken Link
http://www.securityfocus.com/bid/18357	Broken Link Exploit Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/2327	Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26830	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060	Broken Link Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:-::::::itanium:
	cpe:2.3:o:microsoft:windows_2003_server:-::::::x64:
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1:::::itanium:*
	cpe:2.3:o:microsoft:windows_xp:-::::professional::x64:*
	cpe:2.3:o:microsoft:windows_xp:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::

History

15 Feb 2024, 20:22

Type	Values Removed	Values Added
CWE	~~CWE-399~~	CWE-667
References	~~(SECUNIA) http://secunia.com/advisories/20635 - Third Party Advisory~~	(SECUNIA) http://secunia.com/advisories/20635 - Broken Link, Third Party Advisory
References	~~(VUPEN) http://www.vupen.com/english/advisories/2006/2327 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2006/2327 - Broken Link, Vendor Advisory
References	~~(MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030 -~~	(MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030 - Patch, Vendor Advisory
References	~~(SECTRACK) http://securitytracker.com/id?1016288 - Third Party Advisory, VDB Entry~~	(SECTRACK) http://securitytracker.com/id?1016288 - Broken Link, Third Party Advisory, VDB Entry
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841 - Third Party Advisory~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841 - Broken Link, Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060 - Third Party Advisory~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060 - Broken Link, Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827 - Third Party Advisory~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827 - Broken Link, Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850 - Third Party Advisory~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850 - Broken Link, Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/18357 - Exploit, Patch, Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/18357 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030 - Third Party Advisory~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030 - Broken Link, Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979 - Third Party Advisory~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979 - Broken Link, Third Party Advisory
CVSS	v2 : ~~2.1~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 5.5

Information

Published : 2006-06-13 19:06

Updated : 2024-02-28 10:42

NVD link : CVE-2006-2374

Mitre link : CVE-2006-2374

CVE.ORG link : CVE-2006-2374

JSON object : View

Products Affected

microsoft

windows_xp
windows_2000
windows_2003_server

CWE

CWE-667

Improper Locking

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2006-2374

5.5^/10

2.1^/10

Attach tags to `CVE-2006-2374`