Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2371

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2371
Last Modified 07 Mar 2011 09:36:04
Published 13 Jun 2006 03:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2371

Summary

Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Datacenter Edition

  • Microsoft Windows 2003 Server Datacenter Edition 64-bit

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server Enterprise Edition

  • Microsoft Windows 2003 Server Enterprise Edition 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Standard 64-bit

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Xp


References

CERT - TA06-164A

CERT-VN - VU#814644

BID - 18358

BUGTRAQ - 20060613 High Risk Vulnerability in Microsoft Windows RASMAN Service

MS - MS06-025

SECUNIA - 20630

VUPEN - ADV-2006-2323

SECTRACK - 1016285

XF - win-rras-rasman-bo(26814)

OSVDB - 26436

SREASON - 1096


Last Updated: 27 May 2016 10:42:26