Microsoft Client Service for Netware Denial of Service Vulnerability
BID:20984
Info
Microsoft Client Service for Netware Denial of Service Vulnerability
| Bugtraq ID: | 20984 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-4688 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Nov 29 2006 10:00PM |
| Credit: | Sam Arun Raj of McAfee is credited with the discovery of this vulnerability. |
| Vulnerable: |
Nortel Networks Centrex IP Element Manager 9.0 Nortel Networks Centrex IP Element Manager 8.0 Nortel Networks Centrex IP Element Manager 7.0 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 HP Storage Management Appliance 2.1 Avaya S8100 Media Servers R9 Avaya S8100 Media Servers R8 Avaya S8100 Media Servers R7 Avaya S8100 Media Servers R6 Avaya S8100 Media Servers R12 Avaya S8100 Media Servers R11 Avaya S8100 Media Servers R10 Avaya S8100 Media Servers 0 Avaya Messaging Application Server 0 |
| Not Vulnerable: | |
Discussion
Microsoft Client Service for Netware Denial of Service Vulnerability
Microsoft Client Service for Netware is prone to a denial-of-service vulnerability.
Exploiting this issue would cause the affected computer to crash, denying service to legitimate users.
Microsoft Client Service for Netware is prone to a denial-of-service vulnerability.
Exploiting this issue would cause the affected computer to crash, denying service to legitimate users.
Exploit / POC
Microsoft Client Service for Netware Denial of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at [email protected]
Solution / Fix
Microsoft Client Service for Netware Denial of Service Vulnerability
Solution:
Microsoft has released a security advisory addressing this issue. Please see the references for more information.
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows XP Professional SP2
Microsoft Windows 2000 Server SP4
Microsoft Windows Server 2003 Enterprise Edition
Solution:
Microsoft has released a security advisory addressing this issue. Please see the references for more information.
Microsoft Windows XP Tablet PC Edition SP2
-
Microsoft Security Update for Windows XP (KB923980)
http://www.microsoft.com/downloads/details.aspx?familyid=2f54258f-1071 -467b-80a2-e4dbfc050667&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Web Edition
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Web Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Standard Edition SP1
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows Server 2003 Standard Edition
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
Microsoft Windows XP Professional SP2
-
Microsoft Security Update for Windows XP (KB923980)
http://www.microsoft.com/downloads/details.aspx?familyid=2f54258f-1071 -467b-80a2-e4dbfc050667&displaylang=en
Microsoft Windows 2000 Server SP4
-
Microsoft Security Update for Windows 2000 (KB923980)
http://www.microsoft.com/downloads/details.aspx?familyid=3cf0b0d1-ff07 -40ac-a6ac-44dc4a54f91e&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
-
Microsoft Security Update for Windows Server 2003 and Windows Server 2003 SP1 (KB923980)
http://www.microsoft.com/downloads/details.aspx?FamilyId=W2K3
References
Microsoft Client Service for Netware Denial of Service Vulnerability
References:
References:
- Vendor Home Page (Microsoft)
- Vulnerabilities in Client Service for NetWare ([email protected])
- Avaya: Microsoft Security Bulletin Summary for November 2006 MS06-66 - MS06-71 (Avaya)
- CENTREX IP CLIENT MANAGER (CICM) RESPONSE TO MICROSOFT (Nortel Networks)
- Microsoft Security Bulletin MS06-066 (Microsoft)