National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-2373)

National Cyber Awareness System

Vulnerability Summary for CVE-2006-2373

Original release date:06/13/2006

Last revised:06/14/2011

Source: US-CERT/NIST

Overview

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 18356

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/18356

External Source: MS

Name: MS06-030

Type: Advisory; Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms06-030.mspx

External Source: IDEFENSE

Name: 20060613 Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow

Type: Advisory; Patch Information

Hyperlink:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408

External Source: SECUNIA

Name: 20635

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/20635

External Source: XF

Name: win-smb-privilege-escalation(26828)

Hyperlink:http://xforce.iss.net/xforce/xfdb/26828

External Source: VUPEN

Name: ADV-2006-2327

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2006/2327

External Source: OSVDB

Name: 26440

Hyperlink:http://www.osvdb.org/26440

External Source: SECTRACK

Name: 1016288

Hyperlink:http://securitytracker.com/id?1016288

US Government Resource: oval:org.mitre.oval:def:2007

Name: oval:org.mitre.oval:def:2007

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2007

US Government Resource: oval:org.mitre.oval:def:1942

Name: oval:org.mitre.oval:def:1942

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1942

US Government Resource: oval:org.mitre.oval:def:1904

Name: oval:org.mitre.oval:def:1904

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1904

US Government Resource: oval:org.mitre.oval:def:1792

Name: oval:org.mitre.oval:def:1792

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1792

US Government Resource: oval:org.mitre.oval:def:1730

Name: oval:org.mitre.oval:def:1730

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1730

US Government Resource: oval:org.mitre.oval:def:1137

Name: oval:org.mitre.oval:def:1137

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1137