CVE-2006-2380
Summary
| CVE | CVE-2006-2380 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-13 19:06:00 UTC |
| Updated | 2019-04-30 14:27:00 UTC |
| Description | Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityTracker.com Archives - Microsoft RPC Mutual Authentication Bug Lets Remote Users Spoof Other Systems | SECTRACK | securitytracker.com | Patch |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Microsoft Security Bulletin MS06-031 - Critical | Microsoft Docs | MS | docs.microsoft.com | |
| 26438 | OSVDB | www.osvdb.org | |
| Microsoft Windows RPC Mutual Authentication Service Spoofing Vulnerability | BID | www.securityfocus.com | Patch |
| Microsoft Windows RPC Mutual Authentication Vulnerability - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.