CVE-2006-2374

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409	Not Applicable
http://www.securityfocus.com/bid/18357	Exploit Patch Third Party Advisory VDB Entry
http://secunia.com/advisories/20635	Third Party Advisory
http://securitytracker.com/id?1016288	Third Party Advisory VDB Entry
http://www.osvdb.org/26439	Broken Link
http://www.vupen.com/english/advisories/2006/2327	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26830	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827	Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2003_server:-:sp1:::::itanium:*
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp1::::::
	cpe:2.3:o:microsoft:windows_2003_server:-::::::x64:
	cpe:2.3:o:microsoft:windows_2003_server:-::::::itanium:
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-::::professional::x64:*
	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::

Information

Published : 2006-06-13 12:06

Updated : 2018-10-12 14:39

NVD link : CVE-2006-2374

Mitre link : CVE-2006-2374

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

microsoft

windows_xp
windows_2003_server
windows_2000

2.1 /10