CVE-2006-2374
published 2006-06-13CVE-2006-2374: The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a…
PriorityP421medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
EXPLOIT
EPSS
1.81%
75.9th percentile
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)
exploitdb·2006-06-14
CVE-2006-2374 Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)
Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)
---
///////////////////////////////////////////////////////////////////////////////////////
// Mrxsmb.sys XP & 2K Ring0 Exploit (6/12/2005)
// Tested on XP SP2 && 2K SP4
// Disable ReadOnly Memory protection
// HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtection = 0
// -----------------------------------------------------------------------------------
// ONLY FOR EDUCATIONAL PURPOSES.
// -----------------------------------------------------------------------------------
// Rubén Santamarta.
// www.reversemode.com
// -----------------------------------------------------------------------------------
// OVERVIEW
// -------------------------------------------------------
Exploit-DB
Microsoft SMB Driver - Local Denial of Service
exploitdb·2006-06-13
CVE-2006-2374 Microsoft SMB Driver - Local Denial of Service
Microsoft SMB Driver - Local Denial of Service
---
// source: https://www.securityfocus.com/bid/18357/info
The Microsoft SMB driver is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to create processes that cannot be killed in affected operating systems, potentially denying service to legitimate users and other software on affected computers. This may aid the attacker in further attacks.
////////////////////////////////////////////////////////////////////////////////
///////// MRXSMB.SYS NtClose DEADLOCK exploit///////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
//November 19,2005
////////////////////////////////////////////////////////////////////////////////
//////////////////
No writeups or analysis indexed.
CWE
Deadlock
mitre_cwe·CVSS 2.1
[LOW] CWE-833 Deadlock
CWE-833: Deadlock
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart. Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done
CWE
Improper Locking
mitre_cwe
CWE-667 Improper Locking
CWE-667: Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: A
http://secunia.com/advisories/20635http://securitytracker.com/id?1016288http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409http://www.osvdb.org/26439http://www.securityfocus.com/bid/18357http://www.vupen.com/english/advisories/2006/2327https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030https://exchange.xforce.ibmcloud.com/vulnerabilities/26830https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060http://secunia.com/advisories/20635http://securitytracker.com/id?1016288http://www.idefense.com/intelligence/vulnerabilities/display.php?id=409http://www.osvdb.org/26439http://www.securityfocus.com/bid/18357http://www.vupen.com/english/advisories/2006/2327https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030https://exchange.xforce.ibmcloud.com/vulnerabilities/26830https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1827https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1841https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1850https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1979https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2030https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2060
2006-06-13
Published