CVE-2006-3840

Published: Jul 27, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

Affected (11)

Products: Iss: Blackice Pc Protection, Blackice Server Protection, Proventia Desktop, Realsecure Desktop, Realsecure Network, Realsecure Server Sensor, Proventia A Series Xpu, Proventia G Series Xpu, Proventia M Series Xpu, Proventia Server

10 products

Blackice Pc Protection

Blackice Server Protection

Proventia Desktop

Realsecure Desktop

Realsecure Network

Realsecure Server Sensor

Proventia A Series Xpu

Proventia G Series Xpu

Proventia M Series Xpu

Proventia Server

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Iss Blackice Pc Protection	Version 3.6cpk
Iss Blackice Server Protection	Version 3.6cpk
Iss Proventia Desktop	Version 8.0.675.1790
Iss Proventia Desktop	Version 8.0.812.1790
Iss Realsecure Desktop	Version 7.0epk
Iss Realsecure Network	Version 7.0
Iss Realsecure Server Sensor	Version 7.0

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Iss Proventia A Series Xpu	All versions
Iss Proventia G Series Xpu	All versions
Iss Proventia M Series Xpu	All versions
Iss Proventia Server	Version 1.0.914.1880

Related CWEs

References (22)

http://secunia.com/advisories/21219

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016590

Source: cve@mitre.org

http://securitytracker.com/id?1016591

Source: cve@mitre.org

http://securitytracker.com/id?1016592

Source: cve@mitre.org

http://www.nsfocus.com/english/homepage/research/0607.htm

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/441278/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/19178

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2996

Source: cve@mitre.org

Vendor Advisory

http://xforce.iss.net/xforce/alerts/id/230

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27965

Source: cve@mitre.org

https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630

Source: cve@mitre.org

http://secunia.com/advisories/21219

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1016590

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016591

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016592

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.nsfocus.com/english/homepage/research/0607.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/441278/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19178

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/2996

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://xforce.iss.net/xforce/alerts/id/230

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27965

Source: af854a3a-2127-422b-91ae-364da2661108

https://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3630

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.