National Cyber-Alert System

Vulnerability Summary for CVE-2006-0021

Overview

Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA06-045A

Name: TA06-045A

Type: Advisory

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA06-045A.html

US-CERT Vulnerability Note: VU#839284

Name: VU#839284

Type: Advisory

Hyperlink:http://www.kb.cert.org/vuls/id/839284

External Source: BID

Name: 16645

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/16645

External Source: MS

Name: MS06-007

Type: Advisory; Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx

External Source: VUPEN

Name: ADV-2006-0576

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2006/0576

External Source: SECUNIA

Name: 18853

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/18853

External Source: XF

Name: win-igmpv3-dos(24489)

Hyperlink:http://xforce.iss.net/xforce/xfdb/24489

External Source: BUGTRAQ

Name: 20071023 SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/482658/30/4350/threaded

External Source: MISC

Name: http://www.securiteam.com/exploits/5PP0T0KI0O.html

Hyperlink:http://www.securiteam.com/exploits/5PP0T0KI0O.html

External Source: MILW0RM

Name: 1599

Hyperlink:http://www.milw0rm.com/exploits/1599

External Source: SECTRACK

Name: 1015629

Hyperlink:http://securitytracker.com/id?1015629

US Government Resource: oval:org.mitre.oval:def:678

Name: oval:org.mitre.oval:def:678

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:678

US Government Resource: oval:org.mitre.oval:def:1662

Name: oval:org.mitre.oval:def:1662

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1662

US Government Resource: oval:org.mitre.oval:def:1647

Name: oval:org.mitre.oval:def:1647

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1647

US Government Resource: oval:org.mitre.oval:def:1425

Name: oval:org.mitre.oval:def:1425

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1425

US Government Resource: oval:org.mitre.oval:def:1310

Name: oval:org.mitre.oval:def:1310

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1310