MEDIUM · 5.0

CVE-2006-3840


Vulnerability Description

The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Iss | Blackice Pc Protection | 3.6cpk |
| Iss | Blackice Server Protection | 3.6cpk |
| Iss | Proventia Desktop | 8.0.675.1790 |
| Iss | Realsecure Desktop | 7.0epk |
| Iss | Realsecure Network | 7.0 |
| Iss | Realsecure Server Sensor | 7.0 |
| Iss | Proventia A Series Xpu | All versions |
| Iss | Proventia G Series Xpu | All versions |
| Iss | Proventia M Series Xpu | All versions |
| Iss | Proventia Server | 1.0.914.1880 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2006-3840?

CVE-2006-3840 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, an...

How severe is CVE-2006-3840?

CVE-2006-3840 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-3840?

Check the references section above for vendor advisories and patch information. Affected products include: Iss Blackice Pc Protection, Iss Blackice Server Protection, Iss Proventia Desktop, Iss Realsecure Desktop, Iss Realsecure Network.