Windows RRAS memory corruption vulnerability

2006-06-30T00:00:00
ID SAINT:C872B91D030457B5E89FF9CE72F1732E
Type saint
Reporter SAINT Corporation
Modified 2006-06-30T00:00:00

Description

Added: 06/30/2006
CVE: CVE-2006-2370
BID: 18325
OSVDB: 26437

Background

The Routing and Remote Access Service (RRAS) allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator.

Problem

A buffer overflow in RRAS allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 06-025.

References

<http://www.kb.cert.org/vuls/id/631516>

Limitations

The Remote Access Connection Manager service must be running in order for this exploit to succeed.

On Windows 2000, the Routing and Remote Access service must also be running and configured, and valid Windows login credentials are required. (Credentials are not required on Windows XP.)

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows 2000. These packages are available from <http://cpan.org/modules/by-module/>.

Platforms

Windows 2000
Windows XP