SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows TCP/IP Stack Vendors:   Microsoft
Windows TCP/IP Stack IPv6 and Header Processing Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1023561
SecurityTracker URL:  http://securitytracker.com/id/1023561
CVE Reference:   CVE-2010-0239, CVE-2010-0240, CVE-2010-0241, CVE-2010-0242   (Links to External Site)
Date:  Feb 9 2010
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2; and prior service packs
Description:   A vulnerability was reported in the Windows TCP/IP Stack. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote user can send a specially crafted IPv6 Router Advertisement packet to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-0239]. The code will run with the privileges of the target service.

A remote user can send specially crafted Encapsulating Security Payloads (ESP) over UDP datagram fragments to a target system that is running a custom network driver to execute arbitrary code on the target system [CVE-2010-0240].

A remote user can send specially crafted ICMPv6 Route Information packets to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-0241].

A remote user can send a TCP packet with a specially crafted selective acknowledgment (SACK) value to cause the target system to stop responding and restart [CVE-2010-0242].

Sumit Gwalani, Drew Hintz, and Neel Mehta of Google Security Team reported three of these vulnerabilities.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause the target system to stop responding and restart.

Solution:   The vendor has issued the following fixes:

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=71f03946-622c-4403-b94f-f6a3de18a8c3

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=519815fd-707d-476f-9e29-7b03b7a17af5

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=bc451228-3de4-427c-b42f-91f204c708b8

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=3a889152-5d7c-4a3e-b4f1-c6507b739ca0

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=1cd1882b-8e55-47ea-a82a-68bb59a500a7

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-009.mspx (Links to External Site)
Cause:   Boundary error, Exception handling error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC