CVE-2006-2374

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20635	Broken Link Third Party Advisory
http://securitytracker.com/id?1016288	Broken Link Third Party Advisory VDB Entry
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409	Not Applicable
http://www.osvdb.org/26439	Broken Link
http://www.securityfocus.com/bid/18357	Broken Link Exploit Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/2327	Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26830	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060	Broken Link Third Party Advisory
http://secunia.com/advisories/20635	Broken Link Third Party Advisory
http://securitytracker.com/id?1016288	Broken Link Third Party Advisory VDB Entry
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409	Not Applicable
http://www.osvdb.org/26439	Broken Link
http://www.securityfocus.com/bid/18357	Broken Link Exploit Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/2327	Broken Link Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26830	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060	Broken Link Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:-::::::itanium:
	cpe:2.3:o:microsoft:windows_2003_server:-::::::x64:
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1:::::itanium:*
	cpe:2.3:o:microsoft:windows_xp:-::::professional::x64:*
	cpe:2.3:o:microsoft:windows_xp:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::

History

No history.

Information

Published : 2006-06-13 19:06

Updated : 2025-04-03 01:03

NVD link : CVE-2006-2374

Mitre link : CVE-2006-2374

CVE.ORG link : CVE-2006-2374

JSON object : View

Products Affected

microsoft

windows_xp
windows_2000
windows_2003_server

CWE

CWE-667

Improper Locking

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2006-2374

5.5^/10

2.1^/10

Attach tags to `CVE-2006-2374`