CVE-2006-3840
First published: Thu Jul 27 2006(Updated: )
The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM ISS BlackICE PC Protection | =3.6cpk | |
| ISS BlackICE Server Protection | =3.6cpk | |
| IBM Proventia Desktop | =8.0.675.1790 | |
| IBM Proventia Desktop | =8.0.812.1790 | |
| Iss Realsecure Desktop | =7.0epk | |
| ISS RealSecure Network | =7.0 | |
| ISS RealSecure | =7.0 | |
| IBM Proventia A Series XPU | ||
| IBM Proventia G Series XPU | ||
| IBM Proventia M Series Xpu | ||
| IBM Proventia Server | =1.0.914.1880 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630
- http://xforce.iss.net/xforce/alerts/id/230
- http://www.nsfocus.com/english/homepage/research/0607.htm
- http://www.securityfocus.com/bid/19178
- http://securitytracker.com/id?1016592
- http://securitytracker.com/id?1016590
- http://securitytracker.com/id?1016591
- http://secunia.com/advisories/21219
- http://www.vupen.com/english/advisories/2006/2996
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27965
- http://www.securityfocus.com/archive/1/441278/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3840?
CVE-2006-3840 is classified as a denial of service vulnerability.
What products are affected by CVE-2006-3840?
CVE-2006-3840 affects multiple ISS products including RealSecure 7.0, BlackICE Server Protection 3.6, and Proventia series.
How do I fix CVE-2006-3840?
To fix CVE-2006-3840, ensure that your affected ISS products are updated to the latest patches or versions.
What type of vulnerability is CVE-2006-3840?
CVE-2006-3840 is a vulnerability that allows remote attackers to cause a denial of service via crafted SMB Mailslot messages.
Is CVE-2006-3840 exploitable remotely?
Yes, CVE-2006-3840 is exploitable remotely, allowing attackers to trigger the vulnerability over the network.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/iss
- canonical/ibm iss blackice pc protection
- version/ibm iss blackice pc protection/3.6cpk
- canonical/iss blackice server protection
- version/iss blackice server protection/3.6cpk
- canonical/ibm proventia desktop
- version/ibm proventia desktop/8.0.675.1790
- version/ibm proventia desktop/8.0.812.1790
- canonical/iss realsecure desktop
- version/iss realsecure desktop/7.0epk
- canonical/iss realsecure network
- version/iss realsecure network/7.0
- canonical/iss realsecure
- version/iss realsecure/7.0
- canonical/ibm proventia a series xpu
- canonical/ibm proventia g series xpu
- canonical/ibm proventia m series xpu
- canonical/ibm proventia server
- version/ibm proventia server/1.0.914.1880