search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft IP Source Route Vulnerability

Vulnerability Note VU#722753

Original Release Date: 2006-06-13 | Last Revised: 2006-06-13

Overview

A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in some versions of Microsoft Windows contains a buffer overflow in the handling of packets with source routing information. The driver fails to validate the length of a message before it is passed to an allocated buffer. Microsoft states that IP packets containing IP source route options 131 and 137 could be used to initiate a connection with the affected components.

Impact

A remote attacker with the ability to supply a specially crafted packet may be able to execute arbitrary code on an affected system. The attacker-supplied code would be executed with kernel privileges.

Solution

Apply a patch

Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-032. Users are encouraged to review this bulletin and apply the patches it refers to.

Workarounds


In addition to the patches, Microsoft has also published a number of workarounds for this issue in Microsoft Security Bulletin MS06-032. Users, particularly those who are unable to apply the patch, are encouraged to implement these workarounds.

Vendor Information

722753
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  June 13, 2006

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published Microsoft Security Bulletin MS06-032 in response to this issue. Users are encouraged to review this bulletin and apply the patches it refers to.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits Andrey Minaev with reporting this vulnerability to them.

This document was written by Chad R Dougherty.

Other Information

CVE IDs: CVE-2006-2379
Severity Metric: 38.27
Date Public: 2006-06-13
Date First Published: 2006-06-13
Date Last Updated: 2006-06-13 19:26 UTC
Document Revision: 5

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.