SAINT Corporation, SAINT:A71D3539033ACF803A27568E3107123C
Jul 28, 2006 - 12:00 a.m.

Windows RASMAN registry corruption vulnerability

download.saintcorporation.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.939 High
Percentile: 99.1%

Added: 07/28/2006
CVE: CVE-2006-2371
BID: 18358
OSVDB: 26436

Background

The Routing and Remote Access Service (RRAS) allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator. The Remote Access Connection Manager (RASMAN) service handles the details of establishing the connection to the remote server.

Problem

A buffer overflow in the RASMAN service can lead to registry corruption, allowing a remote attacker to execute arbitrary commands.

Resolution

Install the patch referenced in Microsoft Security Bulletin 06-025.

References

<http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx>
<http://www.kb.cert.org/vuls/id/814644>

Limitations

For this exploit to succeed, valid login credentials are required, the Remote Access Connection Manager service must be started on the target, and the Routing and Remote Access service must be configured on the target. To configure the Routing and Remote Access service, open the service, right-click the computer name, choose “Configure and Enable Routing and Remote Access”, click “Next”, choose “Network router”, click “Next”, and use the default settings to finish the configuration.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation. These packages are available from <http://cpan.org/modules/by-module/>.

Platforms

Windows 2000
