Windows Bug in Processing Pragmatic General Multicast Packets with an Invalid Fragment Option Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1020231
|
|
SecurityTracker URL: http://securitytracker.com/id?1020231
|
|
CVE Reference: CVE-2008-1441
(Links to External Site)
|
Updated: Jun 14 2008
|
Original Entry Date: Jun 10 2008
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Bulletin
|
Version(s): 2003 SP2, XP SP3, Vista SP1, 2008; and prior service packs
|
Description: A vulnerability was reported in Windows Pragmatic General Multicast support. A remote user can cause denial of service conditions.
A remote user can send a Pragmatic General Multicast (PGM) protocol packet with a specially crafted fragment option value to cause the target system to become non-responsive for the duration of the attack.
|
Impact: A remote user can cause the target system to become non-responsive for the duration of the attack.
|
Solution: The vendor has issued the following fixes.
Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf
Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf
Windows
XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-16
8a8d85eaa1
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5
fe-a47cf014db3a
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d
8-63c4-4596-8425-8fcfea7f5582
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based
Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113
Windows Vista and Windows
Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205
Windows
Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700
Window
s Server 2008 for 32-bit Systems*:
http://www.microsoft.com/downloads/details.aspx?familyid=0466a6e7-fdca-4647-af62-449e5f20d1e4
Windows
Server 2008 for x64-based Systems*:
http://www.microsoft.com/downloads/details.aspx?familyid=304898e6-21a7-476f-b9ed-7ac0d88a91e2
Windows
Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=8907783b-e3fe-40b2-9fc8-4937e7d58b7e
*
= Windows Server 2008 is not affected if installed using the Server Core installation option.
A restart is required.
The Microsoft
advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
On June 14, 2008 (UTC), Microsoft
issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management
Services (SMS) 2003 clients:
http://www.microsoft.com/technet/security/advisory/954474.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-036.mspx (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 10 Jun 2008 15:43:03 -0400
Subject: Microsoft Security Bulletin MS08-036 Important: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
|
http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
CVE-2008-1440
CVE-2008-1441
|
|
