CVE-2006-3880 (CNNVD-200607-445)
中文标题:
Windows Small Business Server TCP标头字段远程拒绝服务漏洞
英文标题:
Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow rem...
漏洞描述
中文描述:
Microsoft Windows NT 4.0, Windows 2000, Windows XP和Windows Small Business Server 2003可以使远程攻击者借助某些TCP标头字段中有不正确的TCP标头校验和和随机数字的TCP 135端口上的连续数据包流,引起拒绝服务(IP堆栈挂起),比如Achilles Windows Attack Tool。注: 研究者报告称,Microsoft Security Response Center已表示"我方的调查包括了代码检查、TCPDump的检查以及在多个新安装的各种Windows操作系统上尝试重现此问题,结果都是不能确认。"
英文描述:
Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| microsoft | windows_2000 | * | - | - |
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | datacenter_edition | - | - |
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | datacenter_edition_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | enterprise_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | enterprise_edition | - | - |
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
|
| microsoft | windows_2003_server | enterprise_edition_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | r2 | - | - |
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
|
| microsoft | windows_2003_server | sp1 | - | - |
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
|
| microsoft | windows_2003_server | standard | - | - |
cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | standard_64-bit | - | - |
cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
|
| microsoft | windows_2003_server | web | - | - |
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
|
| microsoft | windows_xp | * | - | - |
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:L/Au:N/C:N/I:N/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-3880 |
2025-11-11 15:17:44 | 2025-11-11 07:32:36 |
| NVD | nvd_CVE-2006-3880 |
2025-11-11 14:51:50 | 2025-11-11 07:41:21 |
| CNNVD | cnnvd_CNNVD-200607-445 |
2025-11-11 15:08:52 | 2025-11-11 07:49:09 |
| EXPLOITDB | exploitdb_EDB-28263 |
2025-11-11 15:05:50 | 2025-11-11 08:24:03 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 3 -> 6
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-200607-445
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.0
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:N/I:N/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 12
- data_sources: ['cve'] -> ['cve', 'nvd']