
CERT-In Vulnerability Note CIVN-2006-53
Microsoft Windows RPC Mutual Authentication Spoofing Vulnerability

Original Issue Date: June 14, 2006

Severity Rating: Low

Systems Affected

  • Microsoft Windows 2000 Service Pack 4

Overview

A spoofing vulnerability has been reported in Remote Procedure Call (RPC) applications due to a validation error. An attacker could exploit this vulnerability to impersonate a valid service.

Description

Mutual authentication allows the client and the server to exchange credentials and verify each other's identity before any data is exchanged.

The vulnerability is caused by a validation error in identifying the RPC server when mutual authentication is used over Secure Sockets Layer (SSL).

An attacker could exploit this vulnerability by persuading a user to connect to a resource that requires mutual authentication over SSL and that is configured to impersonate a valid RPC server.

Workarounds

  • Use IPsec to verify the identity of a system and mitigate the risk from network-based attacks.

Solution

Apply the appropriate patches as described in Microsoft Security Bulletin MS06-031.

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-031.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/2328

SecurityFocus
http://www.securityfocus.com/bid/18389/

CVE Name
CVE-2006-2380

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003