Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability

Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability. Vulnerability allows remote attacker to bypass firewall settings and possibly obtain sensitive information about the system

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2007-3038	10 Jul 200722:00	–	cve
Cvelist	CVE-2007-3038	10 Jul 200722:00	–	cvelist
NVD	CVE-2007-3038	10 Jul 200722:30	–	nvd
OpenVAS	Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability	14 Jan 201100:00	–	openvas
Prion	Information disclosure	10 Jul 200722:30	–	prion
securityvulns	Microsoft Security Bulletin MS07-038 - Moderate	10 Jul 200700:00	–	securityvulns
securityvulns	SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface	10 Jul 200700:00	–	securityvulns
securityvulns	Microsoft Windows Vista firewall filtering bypass with Toredo	10 Jul 200700:00	–	securityvulns
Tenable Nessus	MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)	10 Jul 200700:00	–	nessus
CERT	Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability	11 Jul 200700:00	–	cert

Source	Link
microsoft	www.microsoft.com/technet/security/bulletin/ms07-038.mspx
securitytracker	www.securitytracker.com/alerts/2007/Jul/1018354.html
secunia	www.secunia.com/advisories/26001

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms07-038.nasl 5362 2017-02-20 12:46:39Z cfi $
#
# Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
#
# Authors:
# Madhuri D <[email protected]>
# 
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net 
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation allows remote attacker to bypass firewall settings
  and possibly obtain sensitive information about the system.
  Impact Level: System/Application";
tag_affected = "Microsoft Windows Vista.";
tag_insight = "The flaw is due to an error in the handling of the Teredo transport
  mechanism resulting in network traffic being handled incorrectly though the
  Teredo interface. This may result in certain firewall rules being bypassed.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link,
  http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx";
tag_summary = "This host is missing a critical security update according to
  Microsoft Bulletin MS07-038.";

if(description)
{
  script_id(801717);
  script_version("$Revision: 5362 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-20 13:46:39 +0100 (Mon, 20 Feb 2017) $");
  script_tag(name:"creation_date", value:"2011-01-14 09:03:25 +0100 (Fri, 14 Jan 2011)");
  script_cve_id("CVE-2007-3038");
  script_bugtraq_id(24779);
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_name("Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/26001");
  script_xref(name : "URL" , value : "http://securitytracker.com/alerts/2007/Jul/1018354.html");
  script_xref(name : "URL" , value : "http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx");

  script_tag(name:"qod_type", value:"executable_version");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");

  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(winVista:3) <= 0){
  exit(0);
}

## Hotfix check
if(hotfix_missing(name:"935807") == 0){
  exit(0);
}

## Get system path for windows vista
dllPath = registry_get_sz(item:"PathName",
                          key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion");
if(!dllPath){
   exit(0);
}

share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
                    string:dllPath + "\system32\drivers\tunnel.sys");

dllVer = GetVer(file:file, share:share);
if(dllVer)
{
  # Windows Vista
  if(hotfix_check_sp(winVista:3) > 0)
  {
    # Grep for tunnel.sys version < 6.0.6000.16501
    if(version_is_less(version:dllVer, test_version:"6.0.6000.16501")){
          security_message(0);
    }
         exit(0);
  }
}

20 Feb 2017 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.35175