Search...

MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)

2007-07-10T00:00:00

ID SMB_NT_MS07-038.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
Modified 2019-11-02T00:00:00

Description

The remote version of Windows Vista contains a firewall that suffers from an information disclosure vulnerability.

By sending specially crafted packets, an attacker may be able to access some ports of the remote host by going through its Teredo interface.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25689);
 script_version("1.31");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2007-3038");
 script_bugtraq_id(24779);
 script_xref(name:"MSFT", value:"MS07-038");
 script_xref(name:"MSKB", value:"935807");
 
 script_xref(name:"CERT", value:"101321");

 script_name(english:"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)");
 script_summary(english:"Determines the presence of update 935807");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows Vista system contains a firewall that is affected by
an information disclosure vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows Vista contains a firewall that suffers
from an information disclosure vulnerability.

By sending specially crafted packets, an attacker may be able to access
some ports of the remote host by going through its Teredo interface.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows Vista.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/10");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/07/10");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/10");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS07-038';
kb = '935807';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'0') &lt;= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"tunnel.sys", version:"6.0.6000.16501", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"tunnel.sys", version:"6.0.6000.20614", min_version:"6.0.6000.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

JSON Vulners Source

Initial Source

{"id": "SMB_NT_MS07-038.NASL", "bulletinFamily": "scanner", "title": "MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)", "description": "The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.", "published": "2007-07-10T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/25689", "reporter": "This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038"], "cvelist": ["CVE-2007-3038"], "type": "nessus", "lastseen": "2019-11-03T12:15:44", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2007-3038"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote version of Windows Vista contains a firewall that suffers from an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access some ports of the remote host by going through its Teredo interface.", "edition": 6, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a86d26c1658a50675a53b08fb45ab1f2d9f6d6ec0175ab1d087286f2bc152b6b", "hashmap": [{"hash": "b81af636e380ee16f74f67c6e9c4ac58", "key": "sourceData"}, {"hash": "9570f8e4e9af170494f007d8a35f0a26", "key": "modified"}, {"hash": "c731818710db0062e8f0e6ced8902ece", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8d1856b856a55c1ebd87b4ee04a0edc3", "key": "published"}, {"hash": "6329ca2720178933d10479c4f1247294", "key": "references"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "21b58d0c2661f05c6226b4262b44b976", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a4606b0d3952bbb788afbcd388c31465", "key": "href"}, {"hash": "52ec0f2cb864d403f89f49b4575a5df2", "key": "cvelist"}, {"hash": "6085a371bab410b4879ce30401a80a35", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25689", "id": "SMB_NT_MS07-038.NASL", "lastseen": "2018-09-01T23:58:39", "modified": "2018-07-27T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "25689", "published": "2007-07-10T00:00:00", "references": ["https://technet.microsoft.com/library/security/MS07-038"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25689);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/07/27 18:38:16\");\n\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_xref(name:\"MSFT\", value:\"MS07-038\");\n script_xref(name:\"MSKB\", value:\"935807\");\n \n script_xref(name:\"CERT\", value:\"101321\");\n\n script_name(english:\"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\");\n script_summary(english:\"Determines the presence of update 935807\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Vista system contains a firewall that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS07-038\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-038';\nkb = '935807';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.16501\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.20614\", min_version:\"6.0.6000.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)", "type": "nessus", "viewCount": 0}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-01T23:58:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2007-3038"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote version of Windows Vista contains a firewall that suffers from an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access some ports of the remote host by going through its Teredo interface.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e207d8a4925662c9a39880afe8c8b136cadc9c5e4c048523727d47a81b2241af", "hashmap": [{"hash": "c731818710db0062e8f0e6ced8902ece", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8d1856b856a55c1ebd87b4ee04a0edc3", "key": "published"}, {"hash": "b71a8c6b6abac5aa4b207ed01dd04c46", "key": "modified"}, {"hash": "6329ca2720178933d10479c4f1247294", "key": "references"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "cddeceb575b0961d62fa6cddc39e7086", "key": "sourceData"}, {"hash": "21b58d0c2661f05c6226b4262b44b976", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a4606b0d3952bbb788afbcd388c31465", "key": "href"}, {"hash": "52ec0f2cb864d403f89f49b4575a5df2", "key": "cvelist"}, {"hash": "6085a371bab410b4879ce30401a80a35", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25689", "id": "SMB_NT_MS07-038.NASL", "lastseen": "2017-10-29T13:42:04", "modified": "2017-08-10T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "25689", "published": "2007-07-10T00:00:00", "references": ["https://technet.microsoft.com/library/security/MS07-038"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25689);\n script_version(\"$Revision: 1.29 $\");\n script_cvs_date(\"$Date: 2017/08/10 16:58:11 $\");\n\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_osvdb_id(35952);\n script_xref(name:\"MSFT\", value:\"MS07-038\");\n script_xref(name:\"MSKB\", value:\"935807\");\n \n script_xref(name:\"CERT\", value:\"101321\");\n\n script_name(english:\"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\");\n script_summary(english:\"Determines the presence of update 935807\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Vista system contains a firewall that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS07-038\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-038';\nkb = '935807';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.16501\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.20614\", min_version:\"6.0.6000.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:42:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2007-3038"], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "description": "The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-10-28T21:19:44", "references": [{"idList": ["VU:101321"], "type": "cert"}, {"idList": ["SECURITYVULNS:DOC:17443", "SECURITYVULNS:DOC:17447", "SECURITYVULNS:VULN:7909"], "type": "securityvulns"}, {"idList": ["CVE-2007-3038"], "type": "cve"}, {"idList": ["OPENVAS:801717", "OPENVAS:1361412562310801717"], "type": "openvas"}, {"idList": ["OSVDB:35952"], "type": "osvdb"}]}, "score": {"modified": "2019-10-28T21:19:44", "value": 5.0, "vector": "NONE"}}, "hash": "8f877a2be175467c06da523af472ead30a99f7cc149e8d0b6047013b9e8aacde", "hashmap": [{"hash": "80b7e5f38bd58c941fc363556087eb2e", "key": "sourceData"}, {"hash": "828360cd7777de6cfb948a0046bacf67", "key": "reporter"}, {"hash": "8d1856b856a55c1ebd87b4ee04a0edc3", "key": "published"}, {"hash": "539817f87bc7a3ad3842f9c45d8c51c7", "key": "references"}, {"hash": "8d380992361d0a22d1f9d151ddcecabd", "key": "description"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "21b58d0c2661f05c6226b4262b44b976", "key": "pluginID"}, {"hash": "0ec1bc5905eebdadd4aa4f0764cc4720", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "74fe9db6146cb8d1137a651124c9eafa", "key": "href"}, {"hash": "52ec0f2cb864d403f89f49b4575a5df2", "key": "cvelist"}, {"hash": "6085a371bab410b4879ce30401a80a35", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/25689", "id": "SMB_NT_MS07-038.NASL", "lastseen": "2019-10-28T21:19:44", "modified": "2019-10-02T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "25689", "published": "2007-07-10T00:00:00", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038"], "reporter": "This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25689);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:30\");\n\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_xref(name:\"MSFT\", value:\"MS07-038\");\n script_xref(name:\"MSKB\", value:\"935807\");\n \n script_xref(name:\"CERT\", value:\"101321\");\n\n script_name(english:\"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\");\n script_summary(english:\"Determines the presence of update 935807\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Vista system contains a firewall that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-038';\nkb = '935807';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.16501\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.20614\", min_version:\"6.0.6000.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 10, "lastseen": "2019-10-28T21:19:44"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2007-3038"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote version of Windows Vista contains a firewall that suffers from an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access some ports of the remote host by going through its Teredo interface.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a86d26c1658a50675a53b08fb45ab1f2d9f6d6ec0175ab1d087286f2bc152b6b", "hashmap": [{"hash": "b81af636e380ee16f74f67c6e9c4ac58", "key": "sourceData"}, {"hash": "9570f8e4e9af170494f007d8a35f0a26", "key": "modified"}, {"hash": "c731818710db0062e8f0e6ced8902ece", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8d1856b856a55c1ebd87b4ee04a0edc3", "key": "published"}, {"hash": "6329ca2720178933d10479c4f1247294", "key": "references"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "21b58d0c2661f05c6226b4262b44b976", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a4606b0d3952bbb788afbcd388c31465", "key": "href"}, {"hash": "52ec0f2cb864d403f89f49b4575a5df2", "key": "cvelist"}, {"hash": "6085a371bab410b4879ce30401a80a35", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25689", "id": "SMB_NT_MS07-038.NASL", "lastseen": "2018-07-30T14:10:46", "modified": "2018-07-27T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "25689", "published": "2007-07-10T00:00:00", "references": ["https://technet.microsoft.com/library/security/MS07-038"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25689);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/07/27 18:38:16\");\n\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_xref(name:\"MSFT\", value:\"MS07-038\");\n script_xref(name:\"MSKB\", value:\"935807\");\n \n script_xref(name:\"CERT\", value:\"101321\");\n\n script_name(english:\"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\");\n script_summary(english:\"Determines the presence of update 935807\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Vista system contains a firewall that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS07-038\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-038';\nkb = '935807';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.16501\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.20614\", min_version:\"6.0.6000.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-30T14:10:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:microsoft:windows"], "cvelist": ["CVE-2007-3038"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:07:24", "references": [{"idList": ["VU:101321"], "type": "cert"}, {"idList": ["SECURITYVULNS:DOC:17443", "SECURITYVULNS:DOC:17447", "SECURITYVULNS:VULN:7909"], "type": "securityvulns"}, {"idList": ["CVE-2007-3038"], "type": "cve"}, {"idList": ["OPENVAS:801717", "OPENVAS:1361412562310801717"], "type": "openvas"}, {"idList": ["OSVDB:35952"], "type": "osvdb"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "204390a0f93a52ae6d596b0b6fa85df2d367804e5bea98398da56475dac13a8a", "hashmap": [{"hash": "80b7e5f38bd58c941fc363556087eb2e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8d1856b856a55c1ebd87b4ee04a0edc3", "key": "published"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "313104e31e57b9f7aa405f5f0fc56a4e", "key": "cvss"}, {"hash": "539817f87bc7a3ad3842f9c45d8c51c7", "key": "references"}, {"hash": "8d380992361d0a22d1f9d151ddcecabd", "key": "description"}, {"hash": "c9898bc973bfffca5119f1a3bfa73a8d", "key": "naslFamily"}, {"hash": "f119fcbd597f778cfd79bca12af8db90", "key": "cpe"}, {"hash": "21b58d0c2661f05c6226b4262b44b976", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "a4606b0d3952bbb788afbcd388c31465", "key": "href"}, {"hash": "52ec0f2cb864d403f89f49b4575a5df2", "key": "cvelist"}, {"hash": "6085a371bab410b4879ce30401a80a35", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=25689", "id": "SMB_NT_MS07-038.NASL", "lastseen": "2019-01-16T20:07:24", "modified": "2018-11-15T00:00:00", "naslFamily": "Windows : Microsoft Bulletins", "objectVersion": "1.3", "pluginID": "25689", "published": "2007-07-10T00:00:00", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25689);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:30\");\n\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_xref(name:\"MSFT\", value:\"MS07-038\");\n script_xref(name:\"MSKB\", value:\"935807\");\n \n script_xref(name:\"CERT\", value:\"101321\");\n\n script_name(english:\"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\");\n script_summary(english:\"Determines the presence of update 935807\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Vista system contains a firewall that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-038';\nkb = '935807';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.16501\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.20614\", min_version:\"6.0.6000.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "title": "MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:07:24"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f119fcbd597f778cfd79bca12af8db90"}, {"key": "cvelist", "hash": "52ec0f2cb864d403f89f49b4575a5df2"}, {"key": "cvss", "hash": "0ec1bc5905eebdadd4aa4f0764cc4720"}, {"key": "description", "hash": "8d380992361d0a22d1f9d151ddcecabd"}, {"key": "href", "hash": "74fe9db6146cb8d1137a651124c9eafa"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "c9898bc973bfffca5119f1a3bfa73a8d"}, {"key": "pluginID", "hash": "21b58d0c2661f05c6226b4262b44b976"}, {"key": "published", "hash": "8d1856b856a55c1ebd87b4ee04a0edc3"}, {"key": "references", "hash": "539817f87bc7a3ad3842f9c45d8c51c7"}, {"key": "reporter", "hash": "828360cd7777de6cfb948a0046bacf67"}, {"key": "sourceData", "hash": "80b7e5f38bd58c941fc363556087eb2e"}, {"key": "title", "hash": "6085a371bab410b4879ce30401a80a35"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "40d0fd074e8d396524c1b4df893a998125c8438ed59a9ab980670355b32fc915", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3038"]}, {"type": "openvas", "idList": ["OPENVAS:801717", "OPENVAS:1361412562310801717"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7909", "SECURITYVULNS:DOC:17443", "SECURITYVULNS:DOC:17447"]}, {"type": "osvdb", "idList": ["OSVDB:35952"]}, {"type": "cert", "idList": ["VU:101321"]}], "modified": "2019-11-03T12:15:44"}, "score": {"value": 5.0, "vector": "NONE", "modified": "2019-11-03T12:15:44"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25689);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:30\");\n\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_xref(name:\"MSFT\", value:\"MS07-038\");\n script_xref(name:\"MSKB\", value:\"935807\");\n \n script_xref(name:\"CERT\", value:\"101321\");\n\n script_name(english:\"MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\");\n script_summary(english:\"Determines the presence of update 935807\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows Vista system contains a firewall that is affected by\nan information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Windows Vista contains a firewall that suffers\nfrom an information disclosure vulnerability.\n\nBy sending specially crafted packets, an attacker may be able to access\nsome ports of the remote host by going through its Teredo interface.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-038\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/07/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-038';\nkb = '935807';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.16501\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"tunnel.sys\", version:\"6.0.6000.20614\", min_version:\"6.0.6000.20000\", dir:\"\\system32\\drivers\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "pluginID": "25689", "cpe": ["cpe:/o:microsoft:windows"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\"", "modified": "2018-10-16T16:47:00", "id": "CVE-2007-3038", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3038", "published": "2007-07-10T22:30:00", "title": "CVE-2007-3038", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "openvas": [{"lastseen": "2017-07-02T21:13:45", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS07-038.", "modified": "2017-02-20T00:00:00", "published": "2011-01-14T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=801717", "id": "OPENVAS:801717", "title": "Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms07-038.nasl 5362 2017-02-20 12:46:39Z cfi $\n#\n# Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n# \n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to bypass firewall settings\n and possibly obtain sensitive information about the system.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Windows Vista.\";\ntag_insight = \"The flaw is due to an error in the handling of the Teredo transport\n mechanism resulting in network traffic being handled incorrectly though the\n Teredo interface. This may result in certain firewall rules being bypassed.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS07-038.\";\n\nif(description)\n{\n script_id(801717);\n script_version(\"$Revision: 5362 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 13:46:39 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 09:03:25 +0100 (Fri, 14 Jan 2011)\");\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/26001\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2007/Jul/1018354.html\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3) <= 0){\n exit(0);\n}\n\n## Hotfix check\nif(hotfix_missing(name:\"935807\") == 0){\n exit(0);\n}\n\n## Get system path for windows vista\ndllPath = registry_get_sz(item:\"PathName\",\n key:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\");\nif(!dllPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\",\n string:dllPath + \"\\system32\\drivers\\tunnel.sys\");\n\ndllVer = GetVer(file:file, share:share);\nif(dllVer)\n{\n # Windows Vista\n if(hotfix_check_sp(winVista:3) > 0)\n {\n # Grep for tunnel.sys version < 6.0.6000.16501\n if(version_is_less(version:dllVer, test_version:\"6.0.6000.16501\")){\n security_message(0);\n }\n exit(0);\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:00", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS07-038.", "modified": "2019-05-03T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:1361412562310801717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801717", "title": "Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801717\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 09:03:25 +0100 (Fri, 14 Jan 2011)\");\n script_cve_id(\"CVE-2007-3038\");\n script_bugtraq_id(24779);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/26001\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2007/Jul/1018354.html\");\n script_xref(name:\"URL\", value:\"http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to bypass firewall settings\n and possibly obtain sensitive information about the system.\");\n script_tag(name:\"affected\", value:\"Microsoft Windows Vista.\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in the handling of the Teredo transport\n mechanism resulting in network traffic being handled incorrectly though the\n Teredo interface. This may result in certain firewall rules being bypassed.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS07-038.\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3) <= 0){\n exit(0);\n}\n\nif(hotfix_missing(name:\"935807\") == 0){\n exit(0);\n}\n\ndllPath = registry_get_sz(item:\"PathName\",\n key:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\");\nif(!dllPath){\n exit(0);\n}\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\",\n string:dllPath + \"\\system32\\drivers\\tunnel.sys\");\n\ndllVer = GetVer(file:file, share:share);\nif(dllVer)\n{\n if(hotfix_check_sp(winVista:3) > 0)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.6000.16501\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "description": "Filtering tules are not applied to certein traffic types.", "modified": "2007-07-10T00:00:00", "published": "2007-07-10T00:00:00", "id": "SECURITYVULNS:VULN:7909", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7909", "title": "Microsoft Windows Vista firewall filtering bypass with Toredo", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "description": "Microsoft Security Bulletin MS07-038 - Moderate\r\nVulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)\r\nPublished: July 10, 2007\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis moderate security update resolves a privately reported vulnerability. This vulnerability could allow incoming unsolicited network traffic to access a network interface. An attacker could potentially gather information about the affected host.\r\n\r\nThis is a moderate security update for all supported editions of Windows Vista. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThis security update addresses the vulnerability by modifying the Windows Vista firewall default behavior to block unsolicited traffic communicating over the Teredo interface. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nRecommendation: Microsoft recommends that customers consider applying the security update.\r\n\r\nKnown Issues: None.\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe software listed here has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOperating System\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by This Update\r\n\r\nWindows Vista\r\n\t\r\n\r\nInformation Disclosure\r\n\t\r\n\r\nModerate\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista x64 Edition\r\n\t\r\n\r\nInformation Disclosure\r\n\t\r\n\r\nModerate\r\n\t\r\n\r\nNone\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nI am using an older version or edition of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin has been tested to determine which versions or editions are affected. Other versions and editions are past their support life cycle. To determine the support life cycle for your product and version, visit Microsoft Support Lifecycle.\r\n\r\nIt should be a priority for customers who have older versions or editions of the software to migrate to supported versions to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit the following Microsoft Support Lifecycle. For more information about the extended security update support period for these operating system versions, visit the Microsoft Product Support Services Web site.\r\n\r\nCustomers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Windows Operating System Product Support Lifecycle FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tWindows Vista Firewall Blocking Rule Information Disclosure Vulnerability \u2013 CVE-2007-3038\tAggregate Severity Rating\r\n\r\nWindows Vista\r\n\t\r\n\r\nModerate\r\n\r\nInformation Disclosure\r\n\t\r\n\r\nModerate\r\n\r\nWindows Vista x64 Edition\r\n\t\r\n\r\nModerate\r\n\r\nInformation Disclosure\r\n\t\r\n\r\nModerate\r\nTop of sectionTop of section\r\n\t\r\nWindows Vista Firewall Blocking Rule Information Disclosure Vulnerability \u2013 CVE-2007-3038\r\n\r\nThere is an information disclosure vulnerability in Windows Vista that could allow a remote anonymous attacker to send inbound network traffic to the affected system. It would be possible for the attacker to gain information about the system over the network.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-3038.\r\n\t\r\nMitigating Factors for Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability \u2013 CVE-2007-3038\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factor may be helpful in your situation:\r\n\u2022\t\r\n\r\nThe vulnerability is restricted to only allow attacker to gain system information about the affected system. Valid user credentials would be required to access additional services or local resources.\r\n\u2022\t\r\n\r\nIn Windows Vista, if the network profile is set to \u201cPublic\u201d, the system is not affected by this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability \u2013 CVE-2007-3038\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nDisable Teredo\r\n\r\nYou can help protect against this vulnerability by disabling the Teredo transport mechanisum. This prevents Teredo from being used as a transport or mechanism to traverse the NAT. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nRight-click on the Runmenu item and choose Run as elevated.\r\n\r\n2.\r\n\t\r\n\r\nIn the Run box, type Netshintter set st disable\r\n\u2022\t\r\n\r\nDisable Teredo by modifying the registry.\r\n\r\nTeredo can also be disabled by modifying the Windows registry. Create the following registry value to disable Teredo as a transport mechanism.\r\n\r\nNote Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe\r\n\r\n1.\r\n\t\r\n\r\nStart, click Run, type \u201cregedit" (without the quotation marks), and then click OK.\r\n\u2022\t\r\n\r\nHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\\r\n\u2022\t\r\n\r\nDisabledComponents.\r\n\u2022\t\r\n\r\n0x8 to disable Teredo.\r\n\r\nImpact of Workaround: If you disable Teredo, depending on network configuration, applications that use the Teredo interface will not function or be accessible.\r\n\u2022\t\r\n\r\nBlock inbound and outbound Teredo UDP traffic using a Windows Vista Firewall setting.\r\nA custom firewall rule can be created that blocks all Teredo related traffic from communicating with the affected system. To do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nClick Control Panel, click Classic View.\r\n\r\n2.\r\n\t\r\n\r\nClick Administrative Tools and then Double-click Windows Firewall with Advanced Security.\r\n\r\n3.\r\n\t\r\n\r\nSelect Inbound Rules.\r\n\r\n4.\r\n\t\r\n\r\nSelect CoreNetworking - Teredo (UDP-In).\r\n\r\n5.\r\n\t\r\n\r\nRight click, select Properties.\r\n\r\n6.\r\n\t\r\n\r\nSelect \u201cBlock the connections\u201d.\r\n\r\n7.\r\n\t\r\n\r\nSelect Outbound Rules.\r\n\r\n8.\r\n\t\r\n\r\nSelect Core Networking - Teredo (UDP-Out).\r\n\r\n9.\r\n\t\r\n\r\nRight click, select Properties.\r\n\r\n10.\r\n\t\r\n\r\nSelect \u201cBlock the connections\u201d.\r\n\r\nImpact of Workaround: If you block Teredo network traffic using the custom Windows Firewall rule, applications that use the Teredo interface will not function properly or be accessible.\r\n\u2022\t\r\n\r\nBlock Teredo UDP outbound traffic on perimeter firewalls.\r\n\r\nBlocking all outbound UDP traffic destined to port 3544 at the network perimeter will disallow affected Vista systems from communicating with external attempts to exploit the vulnerability.\r\n\r\nImpact of Workaround:Depending on network configuration, applications that use the Teredo interface will not function or be accessible outside of the network perimeter.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability \u2013 CVE-2007-3038\r\n\r\nWhat is the scope of the vulnerability?\r\nThis is an information disclosure vulnerability. An attacker who successfully exploited this vulnerability could gain information about the vulnerable system and be able to identify it\u2019s existence on the network.\r\n\r\nWhat causes the vulnerability\r\nOn Windows Vista, network traffic is handled incorrectly through the Teredo interface which causes some firewall rules to by bypassed.\r\n\r\nWhat might an attacker use the vulnerability to do?\r\nAn attacker who successfully exploited this vulnerability could bypass some of the firewall rules of an affected system.\r\n\r\nHow could an attacker exploit the vulnerability?\r\nAn attacker could remotely activate the Teredo interface under certain configuration scenarios or would have to convince a user to click a link containing a Teredo network address on a Web site, in an e-mail message or Instant Messenger message. Clicking the link would cause Teredo to enter an active state and subsequently cause the affected host to initiate communications with the attacker. This would then allow the attacker to know the target\u2019s Teredo network address which could then be used to send communications to the host that are not blocked by the local Windows Vista firewall. Additionally, as Teredo facilitates network tunneling once a connection is established with an attacker, it would also be possible for the communications to potentially bypass network perimeter firewalls.\r\n\r\nWhat is Teredo?\r\nTeredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages. See the TechNet Web site for more information regarding the Teredo service.\r\n\r\nCould the vulnerability be exploited over the Internet?\r\nYes, this vulnerability could be exploited over the internet once a user has clicked on specially crafted link containing an IPv6 address causing the Teredo interface to be activated.\r\n\r\nWhat systems are primarily at risk from the vulnerability?\r\nAny Windows Vista system where the network profile is not set to \u201cPublic\u201d could be at risk from this vulnerability. Windows Vista systems that use Remote Assistance or Meeting Space may be at more risk because these applications automatically place Teredo in an active state.\r\n\r\nWhat does the update do?\r\nThe update modifies the Windows Vista firewall and core network components to ensure that the default behavior is to block unsolicited traffic over the Teredo interface.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed?\r\nNo. Microsoft received information about this vulnerability through responsible disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?\r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\nUpdate Information\r\n\t\r\nDetection and Deployment Tools and Guidance\r\n\r\nManage the software and security updates you need to deploy to the servers, desktop, and mobile computers in your organization. For more information see the TechNet Update Management Center. The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.\r\n\r\nSecurity updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available at the Microsoft Download Center. You can find them most easily by doing a keyword search for "security_patch". Finally, security updates can be downloaded from the Windows Update Catalog. For more information about the Windows Update Catalog, see Microsoft Knowledge Base Article 323166.\r\n\r\nDetection and Deployment Guidance\r\n\r\nMicrosoft has provided detection and deployment guidance for this month\u2019s security updates. This guidance will also help IT professionals understand how they can use various tools to help deploy the security update, such as Windows Update, Microsoft Update, Office Update, the Microsoft Baseline Security Analyzer (MBSA), the Office Detection Tool, Microsoft Systems Management Server (SMS), the Extended Security Update Inventory Tool, and the Enterprise Update Scan Tool (EST). For more information, see Microsoft Knowledge Base Article 910723.\r\n\r\nMicrosoft Baseline Security Analyzer\r\n\r\nMicrosoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. For more information about MBSA visit Microsoft Baseline Security Analyzer Web site. The following table provides the MBSA detection summary for this security update.\r\nSoftware\tMBSA 1.2.1\tMBSA 2.0.1\r\n\r\nWindows Vista\r\n\t\r\n\r\nNo\r\n\t\r\n\r\nSee Note for Windows Vista below\r\n\r\nWindows Vista x64 Edition\r\n\t\r\n\r\nNo\r\n\t\r\n\r\nSee Note for Windows Vista below\r\n\r\nNote for Windows Vista Microsoft does not support installing MBSA 2.0.1 on computers that run Windows Vista, but you may install MBSA 2.0.1 on a supported operating system and then scan the Windows Vista-based computer remotely. For additional information about MBSA support for Windows Vista, visit the MBSA Web site. See also Microsoft Knowledge Base Article 931943: Microsoft Baseline Security Analyzer (MBSA) support for Windows Vista.\r\n\r\nWindows Server Update Services\r\n\r\nBy using Windows Server Update Services (WSUS), administrators can deploy the latest critical updates and security updates for Windows 2000 operating systems and later, Office XP and later, Exchange Server 2003, and SQL Server 2000 to Windows 2000 and later operating systems. For more information about how to deploy this security update using Windows Server Update Services, visit the Windows Server Update Services Web site.\r\n\r\nSystems Management Server\r\n\r\nThe following table provides the SMS detection and deployment summary for this security update.\r\nSoftware\tSMS 2.0\tSMS 2003\r\n\r\nWindows Vista\r\n\t\r\n\r\nNo\r\n\t\r\n\r\nSee Note for Windows Vistabelow\r\n\r\nWindows Vista x64 Edition\r\n\t\r\n\r\nNo\r\n\t\r\n\r\nSee Note for Windows Vistabelow\r\n\r\nFor SMS 2.0, the SMS SUS Feature Pack, which includes the Security Update Inventory Tool (SUIT), can be used by SMS to detect security updates. SMS SUIT uses the MBSA 1.2.1 engine for detection. For more information about SUIT, visit the following Microsoft Web site. For more information about the limitations of SUIT, see Microsoft Knowledge Base Article 306460. The SMS SUS Feature Pack also includes the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.\r\n\r\nFor SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported by Windows Server Update Services. For more information about the SMS 2003 ITMU, visit the following Microsoft Web site. SMS 2003 can also use the Microsoft Office Inventory Tool to detect required updates for Microsoft Office applications.\r\n\r\nNote for Windows Vista Microsoft Systems Management Server 2003 with Service Pack 3 includes support for Windows Vista manageability.\r\n\r\nFor more information about SMS, visit the SMS Web site.\r\nTop of sectionTop of section\r\n\t\r\nSecurity Update Deployment\r\n\r\nAffected Software\r\n\r\nFor information about the specific security update for your affected software, click the appropriate link:\r\n\t\r\nWindows Vista (all versions)\r\n\r\nReference Table\r\n\r\nThe following table contains the security update information for this software. You can find additional information in the subsection, Deployment Information, in this section.\r\n\r\nInclusion in Future Service Packs\r\n\t\r\n\r\nThe update for this issue may be included in a future update rollup\r\n\r\nDeployment\r\n\t\r\n\r\n \r\n\r\nInstalling without user intervention\r\n\t\r\n\r\nWindows Vista:\r\nWindows6.0-kb 935807-x86-enu /quiet\r\n\r\nInstalling without restarting\r\n\t\r\n\r\nWindows Vista:\r\nWindows6.0-kb 935807-x86-enu /norestart\r\n\r\nFurther information\r\n\t\r\n\r\nSee the subsection, Microsoft Detection and Deployment Tools and Guidance\r\n\r\nRestart Requirement\r\n\t\r\n\r\n \r\n\r\nRestart required\r\n\t\r\n\r\nYes, you must restart your system after you apply this security update\r\n\r\nHotpatching\r\n\t\r\n\r\nNot applicable\r\n\r\nRemoval Information\r\n\t\r\n\r\nTo remove this update, click Control Panel, click Security, then under Windows Update, click View installed updates and select from the list of updates.\r\n\r\nFile Information\r\n\t\r\n\r\nSee the subsection, File Information, in this section, or Microsoft Knowledge Base Article 935807 for the full file manifest\r\n\t\r\nFile Information\r\n\r\nThe English version of this security update has the file attributes that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.\r\n\r\nFor all supported and affected 32-bit editions of Windows Vista:\r\nFile Name\tVersion\tDate\tTime\tSize\tFolder\r\n\r\ncmifw.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n61,952\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6000.16501_none_1543edfd01a09982\r\n\r\ncmifw.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:36\r\n\t\r\n\r\n61,952\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6000.20614_none_15c5bbba1ac3a142\r\n\r\niphlpsvc.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n178,688\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_0ffdd2907f32f6e5\r\n\r\ntunmp.sys\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:56\r\n\t\r\n\r\n15,360\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_0ffdd2907f32f6e5\r\n\r\ntunnel.sys\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:57\r\n\t\r\n\r\n23,040\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_0ffdd2907f32f6e5\r\n\r\niphlpsvc.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:37\r\n\t\r\n\r\n178,688\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.20614_none_107fa04d9855fea5\r\n\r\ntunmp.sys\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n08:48\r\n\t\r\n\r\n15,360\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.20614_none_107fa04d9855fea5\r\n\r\ntunnel.sys\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n08:48\r\n\t\r\n\r\n23,040\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.20614_none_107fa04d9855fea5\r\n\r\nfirewallapi.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n392,192\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_982efb36cab548d8\r\n\r\nicfupgd.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n86,016\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_982efb36cab548d8\r\n\r\nmpsdrv.sys\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:55\r\n\t\r\n\r\n63,488\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_982efb36cab548d8\r\n\r\nmpssvc.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n396,800\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_982efb36cab548d8\r\n\r\nwfapigp.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:50\r\n\t\r\n\r\n16,896\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_982efb36cab548d8\r\n\r\nfirewallapi.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:36\r\n\t\r\n\r\n392,192\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_98b0c8f3e3d85098\r\n\r\nicfupgd.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:36\r\n\t\r\n\r\n86,016\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_98b0c8f3e3d85098\r\n\r\nmpsdrv.sys\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n08:47\r\n\t\r\n\r\n63,488\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_98b0c8f3e3d85098\r\n\r\nmpssvc.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:37\r\n\t\r\n\r\n396,288\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_98b0c8f3e3d85098\r\n\r\nwfapigp.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:38\r\n\t\r\n\r\n16,896\r\n\t\r\n\r\nWindows6.0-KB935807-x86\x86_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_98b0c8f3e3d85098\r\n\r\nFor all supported and affected editions of Windows Vista x64:\r\nFile Name\tVersion\tDate\tTime\tSize\tCPU\tFolder\r\n\r\ncmifw.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:16\r\n\t\r\n\r\n72,192\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6000.16501_none_71628980b9fe0ab8\r\n\r\ncmifw.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:06\r\n\t\r\n\r\n72,192\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6000.20614_none_71e4573dd3211278\r\n\r\niphlpsvc.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:17\r\n\t\r\n\r\n198,144\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_6c1c6e143790681b\r\n\r\nTunmp.sys\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:45\r\n\t\r\n\r\n18,432\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_6c1c6e143790681b\r\n\r\ntunnel.sys\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:46\r\n\t\r\n\r\n28,160\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_6c1c6e143790681b\r\n\r\niphlpsvc.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:07\r\n\t\r\n\r\n197,632\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.20614_none_6c9e3bd150b36fdb\r\n\r\nTunmp.sys\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:40\r\n\t\r\n\r\n18,432\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.20614_none_6c9e3bd150b36fdb\r\n\r\ntunnel.sys\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:40\r\n\t\r\n\r\n28,160\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.20614_none_6c9e3bd150b36fdb\r\n\r\nfirewallapi.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:17\r\n\t\r\n\r\n679,936\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_f44d96ba8312ba0e\r\n\r\nicfupgd.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:17\r\n\t\r\n\r\n106,496\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_f44d96ba8312ba0e\r\n\r\nmpsdrv.sys\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:44\r\n\t\r\n\r\n81,408\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_f44d96ba8312ba0e\r\n\r\nmpssvc.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:17\r\n\t\r\n\r\n580,608\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_f44d96ba8312ba0e\r\n\r\nwfapigp.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:19\r\n\t\r\n\r\n19,968\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_f44d96ba8312ba0e\r\n\r\nfirewallapi.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:06\r\n\t\r\n\r\n679,936\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_f4cf64779c35c1ce\r\n\r\nicfupgd.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:06\r\n\t\r\n\r\n106,496\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_f4cf64779c35c1ce\r\n\r\nmpsdrv.sys\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:39\r\n\t\r\n\r\n81,408\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_f4cf64779c35c1ce\r\n\r\nmpssvc.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:07\r\n\t\r\n\r\n580,096\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_f4cf64779c35c1ce\r\n\r\nwfapigp.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n11:09\r\n\t\r\n\r\n19,968\r\n\t\r\n\r\nX64\r\n\t\r\n\r\nWindows6.0-KB935807-x64\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_f4cf64779c35c1ce\r\n\r\nfirewallapi.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n392,192\r\n\t\r\n\r\nX86\r\n\t\r\n\r\nWindows6.0-KB935807-x64\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_fea2410cb7737c09\r\n\r\nwfapigp.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:50\r\n\t\r\n\r\n16,896\r\n\t\r\n\r\nX86\r\n\t\r\n\r\nWindows6.0-KB935807-x64\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.16501_none_fea2410cb7737c09\r\n\r\nfirewallapi.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:36\r\n\t\r\n\r\n392,192\r\n\t\r\n\r\nX86\r\n\t\r\n\r\nWindows6.0-KB935807-x64\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_ff240ec9d09683c9\r\n\r\nwfapigp.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:38\r\n\t\r\n\r\n16,896\r\n\t\r\n\r\nX86\r\n\t\r\n\r\nWindows6.0-KB935807-x64\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.0.6000.20614_none_ff240ec9d09683c9\r\n\r\ncmifw.dll\r\n\t\r\n\r\n6.0.6000.16501\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n10:48\r\n\t\r\n\r\n61,952\r\n\t\r\n\r\nX86\r\n\t\r\n\r\nWindows6.0-KB935807-x64\x86_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6000.16501_none_1543edfd01a09982\r\n\r\ncmifw.dll\r\n\t\r\n\r\n6.0.6000.20614\r\n\t\r\n\r\n07-Jun-2007\r\n\t\r\n\r\n09:36\r\n\t\r\n\r\n61,952\r\n\t\r\n\r\nX86\r\n\t\r\n\r\nWindows6.0-KB935807-x64\x86_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_6.0.6000.20614_none_15c5bbba1ac3a142\r\n\r\nNote For a complete list of supported versions, see the Support Lifecycle Index. For a complete list of service packs, see Lifecycle Supported Service Packs. For more information on the support lifecycle policy, see Microsoft Support Lifecycle.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nDeployment Information\r\n\r\nInstalling the Update\r\n\r\nWhen you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been updated by a Windows hotfix. If you have previously installed a hotfix to update one of these files, the installer will apply the LDR version of this update. Otherwise, the installer will apply the GDR version of the update. The LDR version of a file has a higher version number than the GDR version of a file. For more information about this behavior, see Microsoft Knowledge Base Article 824994.For more information about the installer, see Microsoft Knowledge Base Article 934307.\r\n\r\nFor more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.\r\n\r\nThis security update supports the following setup switches.\r\nSupported Security Update Installation Switches\r\nSwitch\tDescription\r\n\r\n/?, /h, /help\r\n\t\r\n\r\nDisplays help on supported switches.\r\n\r\n/quiet\r\n\t\r\n\r\nSuppresses the display of status or error messages.\r\n\r\n/norestart\r\n\t\r\n\r\nWhen combined with /quiet, the system will not be restarted after installation even if a restart is required to complete installation.\r\n\r\nNote You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. For more information about the Update.exe installer, visit the Microsoft TechNet Web site. For more information about the terminology that appears in this bulletin, such as hotfix, see Microsoft Knowledge Base Article 824684.\r\n\r\nRemoving the Update\r\n\r\nTo remove this update, use the Add or Remove Programs tool in Control Panel.\r\n\r\nVerifying That the Update Has Been Applied\r\n\u2022\t\r\n\r\nMicrosoft Baseline Security Analyzer\r\n\r\nTo verify that a security update has been applied to an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. See the section, Detection and Deployment Tools and Guidance, earlier in this bulletin for more information.\r\n\u2022\t\r\n\r\nFile Version Verification\r\n\r\nBecause there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.\r\n\r\n1.\r\n\t\r\n\r\nClick Start, and then click Search.\r\n\r\n2.\r\n\t\r\n\r\nIn the Search Results pane, click All files and folders under Search Companion.\r\n\r\n3.\r\n\t\r\n\r\nIn the All or part of the file name box, type a file name from the appropriate file information table, and then click Search.\r\n\r\n4.\r\n\t\r\n\r\nIn the list of files, right-click a file name from the appropriate file information table, and then click Properties.\r\n\r\nNote Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.\r\n\r\n5.\r\n\t\r\n\r\nOn the Version tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.\r\n\r\nNote Attributes other than the file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\nOther Information\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\r\nJim Hoagland and Ollie Whitehouse of Symantec for reporting the Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability \u2013 CVE-2007-3038\r\nTop of sectionTop of section\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\nTop of sectionTop of section\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\nTop of sectionTop of section\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (July 10, 2007): Bulletin published.", "modified": "2007-07-10T00:00:00", "published": "2007-07-10T00:00:00", "id": "SECURITYVULNS:DOC:17443", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17443", "title": "Microsoft Security Bulletin MS07-038 - Moderate", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n Symantec Vulnerability Research\r\n http://www.symantec.com/research\r\n Security Advisory\r\n\r\n Advisory ID: SYMSA-2007-005\r\nAdvisory Title: Vista Windows Firewall Incorrectly Applies\r\n Filtering to Teredo Interface\r\n Author: Jim Hoagland / Ollie Whitehouse\r\n Release Date: 10-07-2007\r\n Application: Windows Firewall (Vista version)\r\n Platform: Windows Vista (RTM and RC2 builds known affected;\r\n XP, 2003 would not be affected)\r\n Severity: Unintended remote exposure to services\r\n Vendor status: Resolved in MS07-038\r\n CVE Number: CVE-2007-3038\r\n Reference: http://www.securityfocus.com/bid/24779\r\n\r\n\r\nOverview:\r\n\r\n Windows Firewall for Windows Vista is the Microsoft provided\r\n firewall solution. It is installed and enabled out-of-the-box,\r\n with most ports filtered.\r\n\r\n Due to an implementation issue, the Windows Firewall does not\r\n apply firewall rules correctly on the Teredo Interface. This\r\n allows a level of remote access to TCP and UDP ports and services\r\n that exceeds what Microsoft expected and what an administrator\r\n would expect.\r\n\r\nDetails:\r\n\r\n Teredo is an IPv4 to IPv6 transition mechanism for IPv6-capable\r\n hosts that are located behind an IPv4 NAT. It is installed and\r\n enabled out-of-the-box on Windows Vista. It provides end-to-end\r\n automatic tunneling through a NAT by tunneling IPv6 over IPv4 UDP\r\n packets. Once a Teredo interface becomes set up (in Teredo\r\n terminology: qualified), anyone on the Internet that knows the\r\n Teredo address can send it packets and possibly establish\r\n sessions. This capability persists until the Teredo interface\r\n becomes de-qualified for some reason; while in general Teredo\r\n works to keep an Teredo interface qualified, under some\r\n circumstances, Vista will shut down the interface after 60 minutes\r\n of inactivity.\r\n\r\n By design, Windows Firewall is supposed to block all access to\r\n ports on the Teredo interface, except for cases where\r\n access-though-Teredo is specifically requested (through the "Edge\r\n Traversal" flag in the firewall rule being set). However, due to a\r\n logic bug, it does not apply this restriction. Instead, any port\r\n that is accessible on the local network is also accessible from\r\n any host on the Internet over the Teredo interface, even if the\r\n firewall rule specifies "remote address=local subnet".\r\n\r\n The level of exposure depends on current firewall rule settings.\r\n An out-of-the-box Vista installation with a network profile set\r\n to "private" will expose the following port across the Teredo\r\n interface:\r\n\r\n * TCP port 5357 (Web Services for Devices)\r\n\r\n An exposed service may reveal sensitive or useful information to\r\n an attacker. In combination with a vulnerability in the service\r\n it may also provide an avenue of attack. In addition, a service\r\n that was designed to only be accessible in trusted circumstances\r\n may simply not present an adequate security posture for general\r\n Internet access.\r\n\r\n It is not considered difficult for a remote user to cause the\r\n Teredo interface to become qualified. Teredo can become qualified\r\n simply because Vista or some application wants to use IPv6 for\r\n whatever reason. The attacker would then just have to guess the\r\n Teredo address or learn it by some means and they would be able to\r\n access any open ports.\r\n\r\n Teredo will also become qualified if the address of a peer\r\n represents a Teredo address (perhaps even if the peer has a native\r\n IPv6 Internet access). Thus an attacker can send a URL of this\r\n form "http://[2001:0:...]/..." through e-mail, IM, HTTP, etc, and\r\n if the URL is followed, the attacker will both know the Teredo\r\n address of the victim and will have had the victim become\r\n qualified. A HTTP redirect to such a URL would also work and may be\r\n more stealthy. Reportedly, Vista will not return AAAA records\r\n corresponding to Teredo addresses, so attackers Teredo address\r\n would have to be listed by address and not by hostname.\r\n\r\n Vendor Response:\r\n\r\n This has been patched in MS07-038.\r\n\r\n Recommendation:\r\n\r\n Apply the patch contained in MS07-038.\r\n\r\n In addition you should consider whether Teredo poses an acceptable\r\n level of exposure to your network. If it provides too much\r\n exposure (e.g., due to bypassing network-based security controls),\r\n you should disable Teredo and block it on your network\r\n\r\n Common Vulnerabilities and Exposures (CVE) Information:\r\n\r\n The Common Vulnerabilities and Exposures (CVE) project has\r\n assigned the following names to these issues. These are\r\n candidates for inclusion in the CVE list (http://cve.mitre.org),\r\n which standardizes names for security problems.\r\n\r\n\r\n CVE-2007-3038\r\n\r\n -------Symantec Vulnerability Research Advisory Information-------\r\n\r\n For questions about this advisory, or to report an error:\r\n research@symantec.com\r\n\r\n For details on Symantec's Vulnerability Reporting Policy:\r\n http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf\r\n\r\n Symantec Vulnerability Research Advisory Archive:\r\n http://www.symantec.com/research/\r\n\r\n Symantec Vulnerability Research GPG Key:\r\n http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc\r\n\r\n -------------Symantec Product Advisory Information-------------\r\n\r\n To Report a Security Vulnerability in a Symantec Product:\r\n secure@symantec.com\r\n\r\n For general information on Symantec's Product Vulnerability\r\n reporting and response:\r\n\r\n http://www.symantec.com/security/\r\n\r\n Symantec Product Advisory Archive:\r\n http://www.symantec.com/avcenter/security/SymantecAdvisories.html\r\n\r\n Symantec Product Advisory PGP Key:\r\n http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc\r\n\r\n ---------------------------------------------------------------\r\n\r\n Copyright (c) 2007 by Symantec Corp.\r\n Permission to redistribute this alert electronically is granted\r\n as long as it is not edited in any way unless authorized by\r\n Symantec Consulting Services. Reprinting the whole or part of\r\n this alert in any medium other than electronically requires\r\n permission from cs_advisories@symantec.com.\r\n\r\n Disclaimer\r\n The information in the advisory is believed to be accurate at the\r\n time of publishing based on currently available information. Use\r\n of the information constitutes acceptance for use in an AS IS\r\n condition. There are no warranties with regard to this information.\r\n Neither the author nor the publisher accepts any liability for any\r\n direct, indirect, or consequential loss or damage arising from use\r\n of, or reliance on, this information.\r\n\r\n Symantec, Symantec products, and Symantec Consulting Services are\r\n registered trademarks of Symantec Corp. and/or affiliated companies\r\n in the United States and other countries. All other registered and\r\n unregistered trademarks represented in this document are the sole\r\n property of their respective companies/owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\n\r\niD8DBQFGkqPyuk7IIFI45IARArOpAJ9oJRUZZpioiHRVq6cEKiu72kbWPACgpuui\r\n2/d+CVOH+uoOpIIXShU98y0=\r\n=AcHW\r\n-----END PGP SIGNATURE-----", "modified": "2007-07-10T00:00:00", "published": "2007-07-10T00:00:00", "id": "SECURITYVULNS:DOC:17447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17447", "title": "SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt\nUS-CERT Cyber Security Alert: TA07-191A\nSecurity Tracker: 1018354\n[Secunia Advisory ID:26001](https://secuniaresearch.flexerasoftware.com/advisories/26001/)\nOther Advisory URL: http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html\nOVAL ID: 1884\nMicrosoft Security Bulletin: MS07-038\nMicrosoft Knowledge Base Article: 935807\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0078.html\nKeyword: SYMSA-2007-005\nKeyword: aka \"Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.\"\nISS X-Force ID: 35322\nFrSIRT Advisory: ADV-2007-2480\n[CVE-2007-3038](https://vulners.com/cve/CVE-2007-3038)\nCERT VU: 101321\nBugtraq ID: 24779\n", "modified": "2007-07-10T17:22:50", "published": "2007-07-10T17:22:50", "href": "https://vulners.com/osvdb/OSVDB:35952", "id": "OSVDB:35952", "title": "Microsoft Windows Vista Teredo Crafted IPv6 Traffic Blocking Rule Bypass", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "cert": [{"lastseen": "2019-10-09T19:50:42", "bulletinFamily": "info", "description": "### Overview \n\nA vulnerability in the Microsoft Windows Vista firewall may allow an attacker to send unfiltered IPv6 traffic to a vulnerable system.\n\n### Description \n\nInternet Protocol version 6 (IPv6) is an IP standard that is designed to replace the Internet Protocol version 4 (IPv4). The [Microsoft Teredo service](<http://www.microsoft.com/technet/network/ipv6/teredo.mspx>) is used by Microsoft Windows Vista, XP, and Server 2003 to allow clients with only IPv4 connectivity to obtain and use publicly routable IPv6 addresses.\n\nThe Teredo service must be manually enabled by an administrator in Windows XP and Server 2003. The Teredo service is enabled by default in Windows Vista, but is not activated until an application requests an IPv6 address. \n \nThe Windows firewall does not properly apply stateful packet inspection rules to incoming Teredo traffic. \n \nNote that the Teredo service may create a tunnel through perimeter firewalls, bypassing access control lists and content inspection filtering. See RFC 4380 [section 7.1](<http://tools.ietf.org/html/rfc4380#section-7.1>) for more details. \n \n--- \n \n### Impact \n\nA remote, unautheticated attacker may be able to send unsolicited and unfiltered IPv6 traffic to a vulnerable system. \n \n--- \n \n### Solution \n\n**Update** \nMicrosoft has released an update to address this issue. Users are encourgaed to review Microsoft Security Bulletin [MS07-038](<http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx>) and take appropriate action. \n \n--- \n \n \n**Disable Teredo** \n \nDisabling the Teredo service will mitigate this vulnerability. See Microsoft Security Bulletin [MS07-038](<http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx>) for information on how to disable Teredo. \n \n--- \n \n### Vendor Information\n\n101321\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Microsoft Corporation\n\nNotified: July 11, 2007 Updated: July 10, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23101321 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx>\n * <http://tools.ietf.org/html/rfc4380#section-7.1>\n * <http://en.wikipedia.org/wiki/IPv6>\n * <http://www.microsoft.com/technet/network/ipv6/teredo.mspx>\n * <http://www.symantec.com/avcenter/reference/Teredo_Security.pdf>\n\n### Acknowledgements\n\nThanks to Symantec and Microsoft for information that was used in this report.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-3038](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3038>) \n---|--- \n**Severity Metric:****** | 1.35 \n**Date Public:** | 2007-07-10 \n**Date First Published:** | 2007-07-11 \n**Date Last Updated: ** | 2007-07-11 14:50 UTC \n**Document Revision: ** | 13 \n", "modified": "2007-07-11T14:50:00", "published": "2007-07-11T00:00:00", "id": "VU:101321", "href": "https://www.kb.cert.org/vuls/id/101321", "type": "cert", "title": "Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}

MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)

Description

The remote version of Windows Vista contains a firewall that suffers from an information disclosure vulnerability. By sending specially crafted packets, an attacker may be able to access some ports of the remote host by going through its Teredo interface.

The remote version of Windows Vista contains a firewall that suffers from an information disclosure vulnerability.

By sending specially crafted packets, an attacker may be able to access some ports of the remote host by going through its Teredo interface.