CVE - CVE-2006-3942

CVE-ID
CVE-2006-3942	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19215 URL:http://www.securityfocus.com/bid/19215 BUGTRAQ:20060814 CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service URL:http://www.securityfocus.com/archive/1/443287/100/200/threaded EXPLOIT-DB:2057 HP:HPSBST02161 URL:http://www.securityfocus.com/archive/1/449179/100/0/threaded HP:SSRT061264 URL:http://www.securityfocus.com/archive/1/449179/100/0/threaded ISS:20060728 Vulnerability in Server Driver could result in Denial of Service URL:~~http://xforce.iss.net/xforce/alerts/id/231~~ (Obsolete source - check if archived by the Wayback Machine) MISC:http://blogs.technet.com/msrc/archive/2006/07/28/443837.aspx MISC:http://www.coresecurity.com/common/showdoc.php?idx=562&idxseccion=10 MS:MS06-063 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-063 OSVDB:27644 URL:~~http://www.osvdb.org/27644~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:428 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A428 SECTRACK:1016606 URL:http://securitytracker.com/id?1016606 SECTRACK:1017035 URL:http://securitytracker.com/id?1017035 SECUNIA:21276 URL:http://secunia.com/advisories/21276 VUPEN:ADV-2006-3037 URL:~~http://www.vupen.com/english/advisories/2006/3037~~ (Obsolete source) XF:smb-malformed-pipe(27999) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27999
Assigning CNA
MITRE Corporation
Date Record Created
20060731	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060731)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)