CVE-2006-3441

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/21394
http://securitytracker.com/id?1016653
http://www.kb.cert.org/vuls/id/794580	Patch US Government Resource
http://www.osvdb.org/27844
http://www.securityfocus.com/bid/19404
http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch US Government Resource
http://www.vupen.com/english/advisories/2006/3211
http://xforce.iss.net/xforce/alerts/id/233
http://xforce.iss.net/xforce/alerts/id/234
http://xforce.iss.net/xforce/alerts/id/235
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041
https://exchange.xforce.ibmcloud.com/vulnerabilities/24586
https://exchange.xforce.ibmcloud.com/vulnerabilities/28013
https://exchange.xforce.ibmcloud.com/vulnerabilities/28240
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
	cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium:::::
	cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

History

No history.

Information

Published : 2006-08-09 01:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3441

Mitre link : CVE-2006-3441

CVE.ORG link : CVE-2006-3441

JSON object : View

Products Affected

microsoft

windows_xp
windows_2003_server
windows_2000

CWE

NVD-CWE-Other

{"id": "CVE-2006-3441", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-09T01:04:00.000", "references": [{"url": "http://secunia.com/advisories/21394", "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1016653", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/794580", "tags": ["Patch", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.osvdb.org/27844", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/19404", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html", "tags": ["Patch", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3211", "source": "secure@microsoft.com"}, {"url": "http://xforce.iss.net/xforce/alerts/id/233", "source": "secure@microsoft.com"}, {"url": "http://xforce.iss.net/xforce/alerts/id/234", "source": "secure@microsoft.com"}, {"url": "http://xforce.iss.net/xforce/alerts/id/235", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-041", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24586", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28013", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28240", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A723", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records."}, {"lang": "es", "value": "Desbordamiento de b\u00fager en el servicio Client DNS en Microsoft Windows 2000 SP4, XP SP1 y SP2, y Server 2003 SP1 permite a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de respuestas de registro manipulada. NOTA: Mientras MS06-041 implica que hay un solo asunto, hay m\u00faltiples vulnerabilidades, relacionados con (1) desbordamiento de b\u00fafer basado en pila en un respuesta de servidor DNS al cliente, (2) un respuesta de servidor DNS con registros ATMA mal formados, y (3)un gran p\u00e9rdida de c\u00e1lculo en los registros TXT, HINFO, X25, e ISDN."}], "lastModified": "2018-10-12T21:40:35.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "vulnerable": true, "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}