PT-2006-4698 · ISS · RealSecure+3

Published: 2006-07-27 · Updated: 2018-10-17 · CVE-2006-3840

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

ISS products with XPU (24.39/1.78/epj/x.x.x.1780) including Proventia A, G, M, Server, and Desktop versions (affected versions not specified)
BlackICE PC and Server Protection version 3.6
RealSecure version 7.0

Description

A flaw in the SMB Mailslot parsing functionality in PAM can be exploited by remote attackers to cause a denial of service. A crafted SMB packet is not properly handled by the parser, resulting in an infinite loop.

Recommendations

For ISS products with XPU (24.39/1.78/epj/x.x.x.1780), consider disabling the SMB Mailslot parsing functionality until a patch is available.
For BlackICE PC and Server Protection version 3.6, restrict access to the SMB Mailslot parsing functionality to minimize the risk of exploitation.
For RealSecure version 7.0, avoid using the SMB Mailslot parsing functionality until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-3840

Affected Products

BlackICE PC Protection
BlackICE Server Protection
Proventia
RealSecure