MS06-025

Executive Summary

Informations
Name	MS06-025	First vendor Publication	0000-00-00
Vendor	Microsoft	Last vendor Modification	0000-00-00
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/MS06-025

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2061

Oval ID:	oval:org.mitre.oval:def:2061
Title:	RRAS Memory Corruption Vulnerability (WinXP,SP1)
Description:	Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2370	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND NOT a version of Windows for the ia64 architecture is installed AND the version of rasmans.dll is less than 5.1.2600.1842

Definition Id: oval:org.mitre.oval:def:1936

Oval ID:	oval:org.mitre.oval:def:1936
Title:	RRAS Memory Corruption Vulnerability (S03,SP1)
Description:	Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2370	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND the version of rasmans.dll is less than 5.2.3790.2697

Definition Id: oval:org.mitre.oval:def:1823

Oval ID:	oval:org.mitre.oval:def:1823
Title:	RRAS Memory Corruption Vulnerability (WinXP,SP2)
Description:	Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2370	Version:	6
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista/2008 service pack 2 is installed AND the version of rasmans.dll is less than 5.1.2600.2908

Definition Id: oval:org.mitre.oval:def:1741

Oval ID:	oval:org.mitre.oval:def:1741
Title:	RRAS Memory Corruption Vulnerability (Win2K)
Description:	Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2370	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Windows 2000 Service Pack 4 (or later) is installed Windows 2000 is installed AND Win2K/XP/2003 service pack 4 (or later) is installed AND the version of rasmans.dll is less than 5.0.2195.7093

Definition Id: oval:org.mitre.oval:def:1720

Oval ID:	oval:org.mitre.oval:def:1720
Title:	RRAS Memory Corruption Vulnerability (WinS03)
Description:	Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2370	Version:	6
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND the version of rasmans.dll is less than 5.2.3790.529

Definition Id: oval:org.mitre.oval:def:1587

Oval ID:	oval:org.mitre.oval:def:1587
Title:	RRAS Memory Corruption Vulnerability (64-bit XP)
Description:	Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2370	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND a version of Windows for the ia64 architecture is installed AND the version of rasmans.dll is less than 5.2.3790.2697

Definition Id: oval:org.mitre.oval:def:1983

Oval ID:	oval:org.mitre.oval:def:1983
Title:	RASMAN Registry Corruption Vulnerability (WinS03)
Description:	Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2371	Version:	6
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND NOT Win2K/XP/2003 is patched AND the version of rasmans.dll is less than 5.2.3790.529

Definition Id: oval:org.mitre.oval:def:1907

Oval ID:	oval:org.mitre.oval:def:1907
Title:	RASMAN Registry Corruption Vulnerability (XP,SP1)
Description:	Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2371	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND NOT a version of Windows for the ia64 architecture is installed AND the version of rasmans.dll is less than 5.1.2600.1842

Definition Id: oval:org.mitre.oval:def:1857

Oval ID:	oval:org.mitre.oval:def:1857
Title:	RASMAN Registry Corruption Vulnerability (Win2K)
Description:	Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2371	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):
Definition Synopsis:
Windows 2000 Service Pack 4 (or later) is installed Windows 2000 is installed AND Win2K/XP/2003 service pack 4 (or later) is installed AND the version of rasmans.dll is less than 5.0.2195.7093

Definition Id: oval:org.mitre.oval:def:1851

Oval ID:	oval:org.mitre.oval:def:1851
Title:	RASMAN Registry Corruption Vulnerability (S03,SP1)
Description:	Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2371	Version:	5
Platform(s):	Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Windows Server 2003 is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND the version of rasmans.dll is less than 5.2.3790.2697

Definition Id: oval:org.mitre.oval:def:1846

Oval ID:	oval:org.mitre.oval:def:1846
Title:	RASMAN Registry Corruption Vulnerability (XP,SP2)
Description:	Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2371	Version:	6
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista/2008 service pack 2 is installed AND the version of rasmans.dll is less than 5.1.2600.2908

Definition Id: oval:org.mitre.oval:def:1674

Oval ID:	oval:org.mitre.oval:def:1674
Title:	RASMAN Registry Corruption Vulnerability (64-bit XP)
Description:	Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-2371	Version:	5
Platform(s):	Microsoft Windows XP	Product(s):
Definition Synopsis:
Windows XP is installed AND Win2K/XP/2003/Vista service pack 1 is installed AND a version of Windows for the ia64 architecture is installed AND the version of rasmans.dll is less than 5.2.3790.2697

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2000 cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_2000::sp4:advanced_server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:professional	20
Os	Microsoft Windows 2003 Server cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:standard cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_2003_server:sp1::enterprise cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1 cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1 cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1 cpe:/o:microsoft:windows_2003_server:datacenter_edition cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1	15
Os	Microsoft Windows Xp cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_xp:::media_center	9

SAINT Exploits

Description	Link
Windows RRAS memory corruption vulnerability	More info here
Windows RASMAN registry corruption vulnerability	More info here

ExploitDB Exploits

id	Description
2010-08-25	Microsoft RRAS Service RASMAN Registry Overflow
2010-05-09	Microsoft RRAS Service Overflow
2006-06-29	MS Windows RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)
2006-06-22	MS Windows RRAS Remote Stack Overflow Exploit (MS06-025)

Open Source Vulnerability Database (OSVDB)

id	Description
26437	Microsoft Windows RRAS RASMAN Remote Overflow
26436	Microsoft Windows RASMAN RPC Request Remote Overflow

Metasploit Database

id	Description
2006-06-13	Microsoft RRAS Service RASMAN Registry Overflow
2006-06-13	Microsoft RRAS Service Overflow

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-06-11 17:26:01	Multiple Updates
2013-06-11 13:26:21	Multiple Updates
2013-06-10 13:26:16	Multiple Updates
2013-06-10 09:26:08	Multiple Updates
2013-06-08 05:27:25	Multiple Updates
2013-06-07 21:25:52	Multiple Updates
2013-06-06 13:26:42	Multiple Updates
2013-06-06 05:25:17	Multiple Updates
2013-06-04 17:26:48	Multiple Updates
2013-06-04 13:25:57	Multiple Updates
2013-06-03 21:28:22	Multiple Updates
2013-06-03 17:22:29	Multiple Updates
2013-06-03 13:26:44	Multiple Updates
2013-06-03 05:22:54	Multiple Updates
2013-05-31 21:26:39	Multiple Updates
2013-05-31 17:22:30	Multiple Updates
2013-05-30 17:25:25	Multiple Updates
2013-05-30 13:22:33	Multiple Updates
2013-05-01 17:22:45	Multiple Updates
2013-05-01 13:28:15	Multiple Updates
2013-05-01 09:22:53	Multiple Updates
2013-05-01 05:38:37	Multiple Updates