Vulnerability Description
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | - |
| Microsoft | Windows 2003 Server | - |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20635Broken LinkThird Party Advisory
- http://securitytracker.com/id?1016288Broken LinkThird Party AdvisoryVDB Entry
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409Not Applicable
- http://www.osvdb.org/26439Broken Link
- http://www.securityfocus.com/bid/18357Broken LinkExploitPatch
- http://www.vupen.com/english/advisories/2006/2327Broken LinkVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-03PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26830Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
- http://secunia.com/advisories/20635Broken LinkThird Party Advisory
FAQ
What is CVE-2006-2374?
CVE-2006-2374 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the ...
How severe is CVE-2006-2374?
CVE-2006-2374 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2374?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp.