TITLE:
Windows Vista Firewall Teredo Blocking Rule Security Bypass
SECUNIA ADVISORY ID:
SA26001
VERIFY ADVISORY:
http://secunia.c
om/advisories/26001/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/
product/13223/
DESCRIPTION:
A security issue has been reported in Windows Vista, which
can
be
exploited by malicious people to bypass certain security
restrictions.
The problem is caused due to an error in the handling of
the
Teredo
transport mechanism resulting in network traffic being
handled
incorrectly though the Teredo interface. This may result in
certain
firewall rules being bypassed.
Successful exploitation may disclose certain information
about
a
system and its existence, but requires that the system's
network
profile is not set to "Public" and that a user
e.g. is tricked
into
clicking a specially crafted link.
SOLUTION:
Apply patches.
Windows Vista:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=e9b64746-6afa-4a30-833
d-e058e000c821
Windows Vista x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=0df5d190-3ad7-42d5-862
9-43c47ec450cb
ORIGINAL ADVISORY:
MS07-038 (KB935807):
http://www.microsoft.com/technet/security/Bullet
in/MS07-038.mspx
Symantec:
http://www.symantec.com/content/en/u
s/enterprise/research/SYMSA-2007-005.txt
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
