{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"ISS Proventia Desktop ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS RealSecure Network Sensor 7.0 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS RealSecure Desktop;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS Proventia G Series ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS Proventia A Series ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS Proventia Server ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS RealSecure Server Sensor 7.0.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS Proventia M Series ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS BlackICE Server Protection 3.6 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ISS BlackICE PC Protection 3.6 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les outils de s\u00e9curit\u00e9 d'ISS\nRealSecure/BlackICE. Ils analysent le protocole SMB/TCP afin de d\u00e9tecter\ndes codes malveillants visant la vuln\u00e9rabilit\u00e9 SMB Mailhost d\u00e9crite dans\nl'avis Microsoft MS06-035. Cependant, la phase d'analyse n'est pas\ncorrectement effectu\u00e9e, et du trafic pouvant \u00eatre l\u00e9gitime cause une\nerreur dans le syst\u00e8me affect\u00e9, ou provoque une perte de connexion\nn\u00e9cessitant un red\u00e9marrage. Une personne malveillante peut \u00e9galement\nenvoyer des paquets similaires afin de cr\u00e9er un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs, pr\u00e9nomm\u00e9s XPU (XPU 24.40) par ISS (cf. section\nDocumentation).\n","cves":[{"name":"CVE-2006-3840","url":"https://www.cve.org/CVERecord?id=CVE-2006-3840"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS06-035 du 11 juillet 2006    :","url":"http://www.microsoft.com/france/technet/security/Bulletin/MS06-035.mspx"},{"title":"Site de mise \u00e0 jour d'ISS :","url":"http://www.iss.net/download"},{"title":"Avis du CERTA CERTA-2006-AVI-283 correspondant au bulletin    Microsoft MS06-035 :","url":"http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-283/"},{"title":"Alerte de s\u00e9curit\u00e9 de ISS (Internet Security Systems) du 26    juillet 2006 :","url":"http://xforce.iss.net/xforce/alerts/id/230"}],"reference":"CERTA-2006-AVI-314","revisions":[{"description":"version initiale.","revision_date":"2006-07-27T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans les produits ISS\nRealSecure/BlackICE. Une personne malveillante peut envoyer un paquet\nsp\u00e9cialement con\u00e7u utilisant cette derni\u00e8re afin de cr\u00e9er un d\u00e9ni de\nservice sur le syst\u00e8me vuln\u00e9rable.\n","title":"Vuln\u00e9rabilit\u00e9 dans les produits ISS","vendor_advisories":[{"published_at":null,"title":"Alerte de s\u00e9curit\u00e9 de ISS (Internet Security Systems) du 26 juillet 2006","url":null}]}