CERT-In Vulnerability Note CIVN-2006-131
Remote Code Execution Vulnerability in Microsoft Windows RIS
Original Issue Date: December 13, 2006
Severity Rating:
Medium
System Affected
Microsoft Windows 2000 Service Pack 4
Overview A remote code execution vulnerability exists in Microsoft Windows RIS implementation which could allow an attacker to compromise operating system installs offered by RIS sever.
Description
A remote code execution vulnerability has been reported in Microsoft Windows Remote Installation Services (RIS) implementation which is caused by allowing anonymous access to the file structure of a hosted operating system build through the RIS TFTP service.
Remote Installation Services (RIS) is a Pre-boot Execution Environment (PXE)-based deployment technology that allows Windows setup to initiate over a network.
Any anonymous user who could deliver a specially crafted executable or file to the affected RIS system could try to exploit this vulnerability at a later time on systems that are built using the tampered operating system build and could remotely take complete control of it.
Workarounds
- Configure the TFTP service as read only.
- Block port 69 (UDP) at the firewall for all unsolicited inbound communication from the Internet
- Stop the TFTP service if it is not needed.
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-077 Vendor Information
Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx
References
Secunia
http://secunia.com/advisories/23312/
Security Tracker
http://securitytracker.com/alerts/2006/Dec/1017368.html
FrSirt
http://www.frsirt.com/english/advisories/2006/4970
CVE Name
CVE-2006-5584
Disclaimer The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
