Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3441

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-3441
Last Modified 07 Mar 2011 09:38:39
Published 08 Aug 2006 09:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3441

Summary

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp


References

CERT - TA06-220A

CERT-VN - VU#794580

MS - MS06-041

XF - dns-data-string-bo(28240)

XF - win-dns-client-bo(28013)

XF - dns-rrdatalen-underflow(24586)

ISS - 20060808 Microsoft DNS Client Integer Overflow Vulnerability

ISS - 20060808 Microsoft DNS Client ATMA Buffer Overflow Vulnerability

ISS - 20060808 Microsoft DNS Client Character String Buffer Overflow Vulnerability

VUPEN - ADV-2006-3211

BID - 19404

OSVDB - 27844

SECTRACK - 1016653

SECUNIA - 21394


Last Updated: 27 May 2016 10:43:00