
CERT-In Vulnerability Note CIVN-2006-102
Multiple Denial of Service Vulnerabilities in Microsoft Windows TCP/IP IPv6

Original Issue Date: October 11, 2006

Severity Rating: Low

Systems Affected

  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Overview

Multiple vulnerabilities have been reported in the TCP/IP IPv6 stack in Microsoft Windows. An attacker who successfully exploited the most severe of these vulnerabilities against an affected system could cause the system to stop responding or automatically reboot.

Description

Internet Protocol version 6 (IPv6), a new suite of standard protocols for the network layer of the Internet, is built into Microsoft Windows XP and later.  

ICMP Connection Reset Vulnerability – CVE-2004-0790:  

Internet Control Message Protocol (ICMP) is a required TCP/IP standard. Hosts and routers that use IP communication can report errors and exchange limited control and status information using ICMP.

When specially crafted ICMP packets are parsed, they are dropped, which may cause an existing connection to be reset.

An attacker who exploited this vulnerability could cause the affected system to reset TCP connections.

TCP Connection Reset Vulnerability – CVE-2004-0230:

When specially crafted TCP packets are parsed, they are dropped, which may cause an existing connection to be reset.

An attacker who exploited this vulnerability could cause the affected system to reset TCP connections.  

Spoofed Connection Request Vulnerability – CVE-2005-0688:

The affected operating systems perform incomplete validation of TCP/IP network packets. The vulnerability is triggered when a TCP SYN packet is received with a spoofed source IP address and port number identical to the destination IP address and port, which makes it appear that the host computer has sent a packet to itself. If this attack is successful, a loop is created and extra CPU time is consumed.

An attacker who exploited this vulnerability could cause the affected system to stop responding for a limited time as a result of excessive CPU utilization.
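The condition described above can be checked on captured traffic. The following is an added detection example, not part of the original advisory or of any Microsoft code: it parses a raw IPv6 packet and flags an initial SYN whose source address and port equal the destination address and port. The function names, the choice to treat only SYN-without-ACK as a connection request, and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

TCP_PROTO = 6
SYN, ACK = 0x02, 0x10

def parse_ipv6_tcp(pkt: bytes):
    """Return (src, dst, sport, dport, flags), or None if not plain IPv6/TCP."""
    if len(pkt) < 60 or pkt[0] >> 4 != 6:
        return None          # too short for IPv6 (40) + TCP (20), or not IPv6
    if pkt[6] != TCP_PROTO:
        return None          # extension headers are not walked in this example
    src = ipaddress.IPv6Address(pkt[8:24])
    dst = ipaddress.IPv6Address(pkt[24:40])
    sport, dport = struct.unpack("!HH", pkt[40:44])
    return src, dst, sport, dport, pkt[40 + 13]   # TCP flags byte

def is_self_addressed_syn(pkt: bytes) -> bool:
    """True for an initial SYN whose source address and port equal the destination's."""
    parsed = parse_ipv6_tcp(pkt)
    if parsed is None:
        return False
    src, dst, sport, dport, flags = parsed
    initial_syn = bool(flags & SYN) and not (flags & ACK)
    return initial_syn and src == dst and sport == dport

def build_sample(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed test input: IPv6 header + bare TCP header, checksum left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(tcp), TCP_PROTO, 64)
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return ip6 + tcp

if __name__ == "__main__":
    # Constructed samples using the 2001:db8::/32 documentation prefix.
    samples = {
        "self-addressed SYN": build_sample("2001:db8::10", "2001:db8::10", 445, 445, SYN),
        "ordinary SYN": build_sample("2001:db8::20", "2001:db8::10", 49152, 445, SYN),
        "same address, other port": build_sample("2001:db8::10", "2001:db8::10", 49152, 445, SYN),
    }
    for name, pkt in samples.items():
        print(f"{name}: {'ALERT' if is_self_addressed_syn(pkt) else 'ok'}")
```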

Workarounds

  • Uninstall IPv6 if not explicitly required.
  • Block all ICMP network packets at the firewall or at the router.
  • Block ICMP traffic by using IPSec on the affected systems.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS06-064.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx

References

Secunia
http://secunia.com/advisories/22341/

Security Focus
http://www.securityfocus.com/bid/13124
http://www.securityfocus.com/bid/10183
http://www.securityfocus.com/bid/13658

Security Tracker
http://securitytracker.com/alerts/2006/Oct/1017036.html


FrSIRT
http://www.frsirt.com/english/advisories/2006/3983

CVE Name
CVE-2004-0790
CVE-2004-0230
CVE-2005-0688

 

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003