SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Wireless 802.11 (Generic) Vendors:   Microsoft
Microsoft Wireless Network Connection Software May Broadcast Ad-Hoc SSID Information in Certain Cases
SecurityTracker Alert ID:  1015489
SecurityTracker URL:  http://securitytracker.com/id/1015489
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 15 2006
Impact:   Host/resource access via network
Exploit Included:  Yes  
Version(s): Windows 2000, 2003, XP
Description:   A vulnerability was reported in Microsoft's Wireless Network Connection software. A remote user within wireless networking range can connect to the target system in certain cases.

In certain cases, the target system may advertise an ad-hoc network, allowing a remote user within wireless networking range to connect to the target system.

This occurs when the target user's system is configured to connect to a wireless access point. When the target user is out of range of the wireless network and a remote user within range of the target user has an ad-hoc network with the same SSID as the target user's original access point, the target user's system will connect to the remote user's ad-hoc network. Later, if there is no network with that same SSID in range of the target user's system, the target user's system will advertise an ad-hoc network with that same SSID.

At that time, a remote user within range of the target system can connect to the target system.

Firewall software on the target system can prevent the remote user from accessing the target system.

The vendor was notified on October 13, 2005.

Simple Nomad reported this vulnerability.

The original advisory is available at:

http://www.nmrc.org/pub/advise/20060114.txt

Impact:   In certain cases, a remote user within wireless networking range of the target system can connect to the target system.
Solution:   No solution was available at the time of this entry. Microsoft plans to include a fix in the next service pack of the affected platforms.

The report indicates that several workarounds are available. The report is available at:

http://www.nmrc.org/pub/advise/20060114.txt

One of the workarounds is to configure the Wireless Network Connection properties for "Access point (infrastructure) networks only" to prevent connections to ad-hoc networks.

Vendor URL:  www.microsoft.com/ (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC