Microsoft IP Source Route Vulnerability

2006-06-13T00:00:00
ID VU:722753
Type cert
Reporter CERT
Modified 2006-06-13T00:00:00

Description

Overview

A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. The driver fails to validate the length of a message before it is passed to an allocated buffer. Microsoft states that IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components.
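The following is an added example, not code from CERT, Microsoft, or the Windows TCP/IP driver. It shows a bounds-checked walk of the IPv4 options area that flags source route options 131 and 137 and rejects any option whose length octet does not fit the header. The option layout follows RFC 791; the names `check_source_route`, `sr_verdict` and `sample_lsrr` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define IPOPT_EOL  0    /* end of option list */
#define IPOPT_NOP  1    /* no operation (single octet) */
#define IPOPT_LSRR 131  /* loose source and record route */
#define IPOPT_SSRR 137  /* strict source and record route */

enum sr_verdict { SR_NONE = 0, SR_PRESENT = 1, SR_MALFORMED = 2 };

/* Constructed sample: IHL=7 (28-byte header), LSRR with one hop, then EOL. */
const uint8_t sample_lsrr[28] = {
    0x47, 0, 0, 28, 0, 0, 0, 0, 64, 6, 0, 0,
    198, 51, 100, 7, 203, 0, 113, 9,
    131, 7, 4, 192, 0, 2, 1, 0
};

/* Inspect one IPv4 packet; pkt points at the IP header, len is bytes captured. */
enum sr_verdict check_source_route(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return SR_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > len)
        return SR_MALFORMED;                     /* header exceeds capture */

    enum sr_verdict verdict = SR_NONE;
    size_t i = 20;                               /* options follow fixed header */
    while (i < hlen) {
        uint8_t type = pkt[i];
        if (type == IPOPT_EOL)
            break;
        if (type == IPOPT_NOP) { i++; continue; }
        if (i + 1 >= hlen)
            return SR_MALFORMED;                 /* no room for length octet */
        size_t optlen = pkt[i + 1];
        if (optlen < 2 || optlen > hlen - i)
            return SR_MALFORMED;                 /* length runs past the header */
        if (type == IPOPT_LSRR || type == IPOPT_SSRR) {
            /* type, length, pointer, then 4-octet addresses; pointer >= 4 */
            if (optlen < 3 || (optlen - 3) % 4 != 0 || pkt[i + 2] < 4)
                return SR_MALFORMED;
            verdict = SR_PRESENT;
        }
        i += optlen;
    }
    return verdict;
}
```

A sensor or filter can treat both `SR_PRESENT` and `SR_MALFORMED` as reasons to drop or alert.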


Impact

A remote attacker with the ability to supply a specially crafted packet may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with kernel privileges.


Solution

Apply a patch

Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. Users are encouraged to review this bulletin and apply the patches it refers to.


Workarounds

In addition to the patches, Microsoft has also published a number of workarounds for this issue in Microsoft Security Bulletin MS06-032. Users, particularly those who are unable to apply the patch, are encouraged to implement these workarounds.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Microsoft Corporation| | -| 13 Jun 2006

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.microsoft.com/technet/security/bulletin/ms06-032.mspx>

Credit

Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Andrey Minaev with reporting this vulnerability to them.

This document was written by Chad R Dougherty.

Other Information

  • CVE IDs: CVE-2006-2379
  • Date Public: 13 Jun 2006
  • Date First Published: 13 Jun 2006
  • Date Last Updated: 13 Jun 2006
  • Severity Metric: 38.27
  • Document Revision: 5