TITLE:
Microsoft Windows TCP/IP Protocol Driver Buffer Overflow
SECUNIA ADVISORY ID:
SA20639
VERIFY ADVISORY:
http://secunia.com/advisories/20639/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused by a boundary error in the TCP/IP protocol driver within the IP source routing mechanism and can be exploited via a specially crafted IP packet.

According to the vendor, successful exploitation most likely causes a crash, but may potentially allow execution of arbitrary code. However, exploitation requires that "IP Source Routing" is enabled (disabled by default on Windows XP SP2 and Windows Server 2003 SP1) or that the "Routing and Remote Access Service" is enabled (disabled by default).
SOLUTION:
Apply patches.
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=305e208c-d75c-471b-9e57-30d01e320ad1
Windows XP SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b62abe8e-4735-4934-a66e-5b957986efbf
Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=44213900-9082-45dc-b514-31d38717fe89
Windows Server 2003 and Windows Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ea319c61-b405-41ab-9eee-d5b3488b90e0
Windows Server 2003 for Itanium-based systems and Windows Server 2003 with SP1 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=cd8b88b5-f90f-4c0c-a5ad-3641751381c9
Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=cd8699bc-6760-4f0e-b8e0-2e7d89092ce8
ORIGINAL ADVISORY:
MS06-032 (KB917953):
http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx
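
ADDED EXAMPLE (not part of the Secunia or Microsoft advisory):
Because the DESCRIPTION ties the flaw to IP source routing, a monitoring point can flag IPv4 packets that carry the RFC 791 source-route options (LSRR, type 0x83; SSRR, type 0x89) and options whose length or pointer bytes do not fit the header. The advisory does not say which field is malformed, so these are generic RFC 791 layout checks; the function names, finding labels and sample packets are constructed for illustration.

```python
import struct

# IPv4 source-routing option types from RFC 791
SOURCE_ROUTE = {0x83: "LSRR", 0x89: "SSRR"}  # loose / strict source and record route

def inspect_ipv4_options(packet: bytes) -> list:
    """Return findings for one IPv4 packet: source-route options and bad option layout."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not-ipv4"]
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or ihl > len(packet):
        return ["bad-header-length"]
    findings, opts, i = [], packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # No-Operation is a single byte
            i += 1
            continue
        if kind in SOURCE_ROUTE:
            findings.append(SOURCE_ROUTE[kind])
        if i + 1 >= len(opts):
            findings.append("truncated-option")
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            findings.append("bad-option-length")   # length byte points outside the header
            break
        if kind in SOURCE_ROUTE:
            # Layout: type, length, pointer, then 4-byte addresses; pointer starts at 4
            if length < 3 or (length - 3) % 4:
                findings.append("bad-route-length")
            elif opts[i + 2] < 4 or opts[i + 2] % 4:
                findings.append("bad-route-pointer")
        i += length
    return findings

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header for the demo (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | (5 + len(options) // 4), 0,
                        20 + len(options), 0, 0, 64, 6, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return fixed + options

if __name__ == "__main__":
    for name, opt in {"plain": b"", "lsrr": bytes([0x83, 7, 4, 203, 0, 113, 9]),
                      "bad": bytes([0x89, 40, 4, 0])}.items():
        print(name, inspect_ipv4_options(build_header(opt)))
```

On hosts that never need source routing, any non-empty result for LSRR or SSRR is worth logging or dropping at the perimeter, independent of patch status.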