10 - CVE-2006-3439

Executive Summary

Informations
Name	CVE-2006-3439	First vendor Publication	2006-08-08
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3439

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:492

Oval ID:	oval:org.mitre.oval:def:492
Title:	Buffer Overrun in Server Service Vulnerability
Description:	Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-3439	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Win2K,SP4 Microsoft Windows 2000 SP4 or later is installed AND The version of netapi32.dll is less than 5.0.2195.7105. OR WinXP,SP1 Microsoft Windows XP SP1 (32-bit) is installed AND The version of netapi32.dll is less than 5.1.2600.1874 OR WinXP,SP2 Microsoft Windows XP SP2 or later is installed AND The version of netapi32.dll is less than 5.1.2600.2952. OR WinXP,SP1 (64-bit) Microsoft Windows XP SP1 (64-bit) is installed AND The version of netapi32.dll is less than 5.2.3790.2747. OR S03-Gold Microsoft Windows Server 2003 (x86) Gold is installed AND The version of netapi32.dll is less than 5.2.3790.559. OR S03,SP1 Microsoft Windows Server 2003 SP1 (x86) is installed AND The version of netapi32.dll is less than 5.2.3790.2747.

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp4::fr::::	1
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::* cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::* cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium::::: cpe:2.3:o:microsoft:windows_2003_server:r2:::::::* cpe:2.3:o:microsoft:windows_2003_server:itanium:::::::*	5
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc::::: cpe:2.3:o:microsoft:windows_xp:::64-bit:::::* cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::	3

SAINT Exploits

Description	Link
Windows Server Service buffer overflow	More info here

ExploitDB Exploits

id	Description
2011-02-17	Microsoft Server Service NetpwPathCanonicalize Overflow
2006-09-13	MS Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) (2k3)
2006-08-28	MS Windows - NetpIsRemote() Remote Overflow Exploit (MS06-040) (2)
2006-08-19	MS Windows - CanonicalizePathName() Remote Exploit (MS06-040)
2006-08-10	MS Windows NetpIsRemote() Remote Overflow Exploit (MS06-040)

OpenVAS Exploits

Date	Description
2011-12-30	Name : MicroSoft Windows Server Service Remote Code Execution Vulnerability (921883) File : nvt/secpod_ms06-040_remote.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
27845	Microsoft Windows Server Service Crafted RPC Message Remote Overflow A buffer overflow exists in Windows. The Server service fails to validate RPC messages resulting in a buffer overflow. With a specially crafted RPC message, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode little endian andx object call overfl... RuleID : 7304 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize unicode little endian andx overflow attempt RuleID : 7303 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt RuleID : 7302 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode andx object call overflo... RuleID : 7301 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX little endian andx object call o... RuleID : 7300 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode little endian andx object call ove... RuleID : 7299 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX little endian andx overflow attempt RuleID : 7298 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX little endian andx object call over... RuleID : 7297 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize andx object call overflow attempt RuleID : 7296 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX andx overflow attempt RuleID : 7295 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize andx overflow attempt RuleID : 7294 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize unicode little endian andx overflow att... RuleID : 7293 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize andx overflow attempt RuleID : 7292 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX unicode little endian andx ov... RuleID : 7291 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX andx overflow attempt RuleID : 7290 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode little endian andx overflow... RuleID : 7289 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode little endian andx overf... RuleID : 7288 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX little endian andx overflow a... RuleID : 7287 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize little endian andx overflow attempt RuleID : 7286 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize andx object call overflow attempt RuleID : 7285 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize andx overflow attempt RuleID : 7284 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize little endian andx overflow attempt RuleID : 7283 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt RuleID : 7282 - Revision : 10 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode andx overflow attempt RuleID : 7281 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize andx overflow attempt RuleID : 7280 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize unicode andx overflow attempt RuleID : 7279 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX andx object call overflow attempt RuleID : 7278 - Revision : 10 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode andx object call overflow a... RuleID : 7277 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode andx object call overflow attempt RuleID : 7276 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize little endian andx object call overflow at... RuleID : 7275 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode andx object call overflow attempt RuleID : 7274 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX andx object call overflow attempt RuleID : 7273 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode little endian andx overflow attempt RuleID : 7272 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode andx overflow attempt RuleID : 7271 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize little endian andx overflow attempt RuleID : 7270 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode little endian andx objec... RuleID : 7269 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX andx overflow attempt RuleID : 7268 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode little endian andx object c... RuleID : 7267 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX little endian andx overflow attempt RuleID : 7266 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize unicode andx overflow attempt RuleID : 7265 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX little endian andx overflow attempt RuleID : 7264 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt RuleID : 7263 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX andx overflow attempt RuleID : 7262 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX unicode andx overflow attempt RuleID : 7261 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX unicode little endian andx overf... RuleID : 7260 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize little endian andx overflow attempt RuleID : 7259 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize little endian andx object call overflow attempt RuleID : 7258 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode little endian andx overflow attempt RuleID : 7257 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode little endian object call overflow at... RuleID : 7256 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize unicode little endian overflow attempt RuleID : 7255 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX unicode overflow attempt RuleID : 7254 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode object call overflow att... RuleID : 7253 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX little endian object call overfl... RuleID : 7252 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode little endian object call overflow... RuleID : 7251 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX little endian overflow attempt RuleID : 7250 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX little endian object call overflow ... RuleID : 7249 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize object call overflow attempt RuleID : 7248 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX overflow attempt RuleID : 7247 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize overflow attempt RuleID : 7246 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize unicode little endian overflow attempt RuleID : 7245 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize overflow attempt RuleID : 7244 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX unicode little endian overflo... RuleID : 7243 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX overflow attempt RuleID : 7242 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode little endian overflow attempt RuleID : 7241 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode little endian overflow a... RuleID : 7240 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX little endian overflow attempt RuleID : 7239 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize little endian overflow attempt RuleID : 7238 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize object call overflow attempt RuleID : 7237 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize overflow attempt RuleID : 7236 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize little endian overflow attempt RuleID : 7235 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode overflow attempt RuleID : 7234 - Revision : 10 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode overflow attempt RuleID : 7233 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize overflow attempt RuleID : 7232 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize unicode overflow attempt RuleID : 7231 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX object call overflow attempt RuleID : 7230 - Revision : 10 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode object call overflow attempt RuleID : 7229 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode object call overflow attempt RuleID : 7228 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize little endian object call overflow attempt RuleID : 7227 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode object call overflow attempt RuleID : 7226 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX object call overflow attempt RuleID : 7225 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize unicode little endian overflow attempt RuleID : 7224 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize unicode overflow attempt RuleID : 7223 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize little endian overflow attempt RuleID : 7222 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode little endian object cal... RuleID : 7221 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX overflow attempt RuleID : 7220 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX unicode little endian object call o... RuleID : 7219 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB srvsvc NetrPathCanonicalize WriteAndX little endian overflow attempt RuleID : 7218 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize unicode overflow attempt RuleID : 7217 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX little endian overflow attempt RuleID : 7216 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS srvsvc NetrPathCanonicalize WriteAndX unicode overflow attempt RuleID : 7215 - Revision : 11 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX overflow attempt RuleID : 7214 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB-DS v4 srvsvc NetrPathCanonicalize WriteAndX unicode overflow attempt RuleID : 7213 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize WriteAndX unicode little endian overflow a... RuleID : 7212 - Revision : 9 - Type : NETBIOS
2014-01-10	SMB v4 srvsvc NetrPathCanonicalize little endian overflow attempt RuleID : 7211 - Revision : 9 - Type : NETBIOS
2014-01-10	DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt RuleID : 7210 - Revision : 17 - Type : OS-WINDOWS
2014-01-10	DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt RuleID : 7209 - Revision : 21 - Type : OS-WINDOWS
2014-01-10	x86 win2k-2k3 decoder base shellcode RuleID : 15902 - Revision : 8 - Type : INDICATOR-SHELLCODE

Nessus® Vulnerability Scanner

Date	Description
2006-08-08	Name : Arbitrary code can be executed on the remote host due to a flaw in the 'Serve... File : smb_kb921883.nasl - Type : ACT_GATHER_INFO
2006-08-08	Name : Arbitrary code can be executed on the remote host due to a flaw in the 'serve... File : smb_nt_ms06-040.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://secunia.com/advisories/21388
http://securitytracker.com/id?1016667
http://www.cisco.com/en/US/products/ps6120/tsd_products_security_response0918...
http://www.dhs.gov/dhspublic/display?content=5789
http://www.kb.cert.org/vuls/id/650769
http://www.securityfocus.com/bid/19409
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://www.vupen.com/english/advisories/2006/3210
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06...
https://exchange.xforce.ibmcloud.com/vulnerabilities/28002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:19:50	Multiple Updates
2024-11-28 12:09:25	Multiple Updates
2021-05-04 12:04:16	Multiple Updates
2021-04-22 01:04:54	Multiple Updates
2020-05-23 13:16:47	Multiple Updates
2020-05-23 00:18:03	Multiple Updates
2018-10-13 00:22:34	Multiple Updates
2017-10-11 09:23:42	Multiple Updates
2017-07-20 09:23:43	Multiple Updates
2016-04-26 14:49:50	Multiple Updates
2014-02-17 10:36:21	Multiple Updates
2014-01-19 21:23:22	Multiple Updates
2013-05-11 11:02:21	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	9
Sources(s)	11
Saint Exploit(s)	1
osvdb(s)	1
ExploitDB Exploit(s)	5
Openvas Exploit(s)	1
Snort® Rule(s)	97
Nessus® Exploit(s)	2

	Related
10	MS06-040
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)