CERTVU:115083Microsoft Windows IGMPv3 and MLDv2 processing vulnerability
0.939 High
EPSS
Percentile
99.1%
Overview
Microsoft Windows fails to properly process IGMPv3 and MLDv2 network traffic. If exploited, this vulnerability may result in arbitrary code execution or a denial-of-service condition.
Description
Internet Group Management Protoco (IGMP) is the protocol used by IPv4 hosts to report their multicast group memberships to multicast routers. Version 3 (IGMPv3) adds support for source filtering. IGMP, IGMPv2 and IGMPv3 are specified in RFC 1112, RFC 2236, and RFC 3376.
Multicast Listener Discovery (MLD) is a protocol used by IPv6 routers to discover the presence of nodes who can receive multicast packets. MLD version 2 (MLDv2) adds source address filtering capabilities. MLD and MLDv2 are specified in RFC 2710 and RFC 3810.
Per Microsoft Security Bulletin MS08-001:
A remote code execution vulnerability exists in the Windows kernel due to the way that the Windows kernel handles TCP/IP structures storing the state of IGMPv3 and MLDv2 queries. Supported editions of Microsoft Windows XP, Windows Server 2003, and Windows Vista all support IGMPv3. In addition to IGMPv3, Windows Vista supports MDLv2, which adds multicast support for IPv6 networks. An anonymous attacker could exploit the vulnerability by sending specially crafted IGMPv3 and MLDv2 packets to a computer over the network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Note that Windows 2000 is not affected by this vulnerability.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition. If a vulnerable system is being used as a network firewall or router, clients relying on that system may also be affected.
Solution
Update
Microsoft has released an update to address this issue. See MS08-001 for more information.
Disable IGMP and MLD
Until updates can be applied disabling IGMP and MLD support may mitigate this vulnerability. See the workarounds section of MS08-001 for more information on disabling IGMP and MLD support in Windows.
Block IGMP and MLD
Using network or host based firewalls to block IGMP and MLD network traffic may prevent this vulnerability from being remotely exploited.
* The workarounds section of [MS08-001](<http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx>) contains instructions on how to configure the Windows Vista host firewall to block IGMP and MLD._ Note that per the Microsoft TechNet article _[_How Windows Firewall Works_](<http://technet2.microsoft.com/windowsserver/en/library/3ccb6af5-d960-4a8d-b12b-70692dc47bf41033.mspx?mfr=true>)_ Windows XP and Server 2003 allow IGMP traffic to pass through the built-in Windows Firewall._
* Linux system administrators may use the `iptables -p` parameter to block the IGMP and MLD protocols.
* Administrators who use PF can set the `proto `keyword to block the IGMP and MLD protocols.
* Cisco ASA administrators can disable IGMP support by using the `no igmp `command as specified in section 11-14 of the Cisco Security Appliance Command Line [Configuration Guide](<http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/conf_gd.html>).
Vendor Information
115083
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation __ Affected
Updated: January 09, 2008
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See <http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23115083 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx>
- <http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx>
- <http://technet2.microsoft.com/windowsserver/en/library/3ccb6af5-d960-4a8d-b12b-70692dc47bf41033.mspx?mfr=true>
- <http://tools.ietf.org/html/rfc1112>
- <http://tools.ietf.org/html/rfc2236>
- <http://tools.ietf.org/html/rfc2710>
- <http://tools.ietf.org/html/rfc3376>
- <http://tools.ietf.org/html/rfc3810>
- <http://iptables-tutorial.frozentux.net/other/iptables.html>
- http://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5
- <http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/conf_gd.html>
- <http://en.wikipedia.org/wiki/IGMP>
- <http://en.wikipedia.org/wiki/MLD>
Acknowledgements
Microsoft credits Alex Wheeler and Ryan Smith of IBM Internet Security Systems X-Force for reporting this vulenrabilty.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | CVE-2007-0069 |
|---|---|
| Severity Metric: | 22.72 Date Public: |
References
en.wikipedia.org/wiki/IGMP
en.wikipedia.org/wiki/MLD
iptables-tutorial.frozentux.net/other/iptables.html
technet2.microsoft.com/windowsserver/en/library/3ccb6af5-d960-4a8d-b12b-70692dc47bf41033.mspx?mfr=true
tools.ietf.org/html/rfc1112
tools.ietf.org/html/rfc2236
tools.ietf.org/html/rfc2710
tools.ietf.org/html/rfc3376
tools.ietf.org/html/rfc3810
www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/conf_gd.html
www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5
www.microsoft.com/technet/security/bulletin/ms08-001.mspx
www.microsoft.com/technet/security/bulletin/ms08-001.mspx
Related
