
CERT-In Vulnerability Note CIVN-2006-54
TCP/IP Remote Code Execution Vulnerability

Original Issue Date: June 14, 2006

Severity Rating: Medium

Systems Affected:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Overview

A remote code execution vulnerability exists in the TCP/IP Protocol driver that could allow an attacker to take complete control of the affected system.

Description:

IP source routing is a mechanism which allows the sender to determine the IP route that a datagram should take through the network.

An unchecked buffer in the TCP/IP Protocol driver could allow remote code execution. An attacker could try to exploit the vulnerability by creating a specially crafted network packet and sending the packet to an affected system.

Machines on which Routing and Remote Access has been enabled are primarily at risk from this vulnerability.

Workarounds:

  • Block IP packets containing IP source route options 131 and 137 at the firewall
  • Use a personal firewall and block the affected ports by using IPSec on the affected systems
  • Disable IP Source Routing

Solution:

Apply the appropriate updates as described in Microsoft Security Bulletin MS06-032.

Vendor Information:

Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms06-032.mspx

References:

Security Focus:
http://www.securityfocus.com/bid/18374

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2379

US-CERT:
http://www.kb.cert.org/vuls/id/722753

FrSIRT:
http://www.frsirt.com/english/advisories/2006/2329

Secunia:
http://secunia.com/advisories/20639

CVE Name
CVE-2006-2379

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003