Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-2370

Published: 13/06/2006 Updated: 30/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Windows 2003 Server

Vulnerability Summary

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and previous versions allows remote unauthenticated or authenticated malicious users to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 2003 server datacenter_edition

microsoft windows 2003 server enterprise_edition_64-bit

microsoft windows 2003 server r2

microsoft windows xp

microsoft windows 2000

microsoft windows 2003 server enterprise_edition

microsoft windows 2003 server web

microsoft windows 2003 server datacenter_edition_64-bit

microsoft windows 2003 server sp1

microsoft windows 2003 server standard

microsoft windows 2003 server enterprise_64-bit

microsoft windows 2003 server standard_64-bit

Exploits

Exploit DB: Microsoft RRAS Service - RASMAN Registry Overflow (MS06-025) (Metasploit)
## # $Id: ms06_025_rasmans_regrb 10150 2010-08-25 20:55:37Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...
Exploit DB: Microsoft Windows - RRAS RASMAN Registry Stack Overflow (MS06-025) (Metasploit)
## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic) The latest # version of the Framework can always be obtained from metasp ...
Exploit DB: Microsoft Windows RRAS - Remote Stack Overflow (MS06-025) (Metasploit)
## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic) The latest # version of the Framework can always be obtained from metasp ...
Exploit DB: Microsoft RRAS Service - Remote Overflow (MS06-025) (Metasploit)
## # $Id: ms06_025_rrasrb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Me ...

Nmap Scripts

smb-vuln-ms06-025

Detects Microsoft Windows systems with Ras RPC service vulnerable to MS06-025.

nmap --script smb-vuln-ms06-025.nse -p445 <host>
nmap -sU --script smb-vuln-ms06-025.nse -p U:137,T:139 <host>

| smb-vuln-ms06-025:
|   VULNERABLE:
|   RRAS Memory Corruption vulnerability (MS06-025)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2006-2370
|           A buffer overflow vulnerability in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1
|           and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to
|           execute arbitrary code via certain crafted "RPC related requests" aka the "RRAS Memory Corruption Vulnerability."
|
|     Disclosure date: 2006-6-27
|     References:
|       https://technet.microsoft.com/en-us/library/security/ms06-025.aspx
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/18325http://www.us-cert.gov/cas/techalerts/TA06-164A.htmlhttp://www.kb.cert.org/vuls/id/631516http://securitytracker.com/id?1016285http://secunia.com/advisories/20630http://www.osvdb.org/26437http://www.vupen.com/english/advisories/2006/2323https://exchange.xforce.ibmcloud.com/vulnerabilities/26812https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2061https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1936https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1823https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1741https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1720https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1587https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-025https://nvd.nist.govhttps://www.exploit-db.com/exploits/16375/https://www.kb.cert.org/vuls/id/631516
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook