CVE-2006-3840 - Resource Management Errors vulnerability in ISS products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Hardware | | 4 |
Common Weakness Enumeration (CWE)
References
- http://secunia.com/advisories/21219
- http://securitytracker.com/id?1016590
- http://securitytracker.com/id?1016591
- http://securitytracker.com/id?1016592
- http://www.nsfocus.com/english/homepage/research/0607.htm
- http://www.securityfocus.com/archive/1/441278/100/0/threaded
- http://www.securityfocus.com/bid/19178
- http://www.vupen.com/english/advisories/2006/2996
- http://xforce.iss.net/xforce/alerts/id/230
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27965
- https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630