===================================================================== CERT-Renater Note d'Information No. 2006/VULN529 _____________________________________________________________________ DATE : 15/11/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows 2000, Windows XP, Windows Server 2003 running Client Service for NetWare. ====================================================================== MS06-066 - Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) Affected Software: - Microsoft Windows 2000 Service Pack 4 - Microsoft Windows XP Service Pack 2 - Microsoft Windows Server 2003 - Microsoft Windows Server 2003 Service Pack 1 Full MS06-066 Advisory: - http://www.microsoft.com/technet/security/Bulletin/MS06-066.mspx Vulerability Details: Client Service for NetWare Memory Corruption Vulnerability: CVE-2006-4688 There is a remote code execution vulnerability in Client Service for NetWare (CSNW) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. NetWare Driver Denial of Service Vulnerability: CVE-2006-4689 A denial of service vulnerability exists in Client Service for NetWare (CSNW) that could allow an attacker to send a specially crafted network message to an affected system running the Client Service for NetWare service. An attacker could cause the system to stop responding. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================