SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Bug in Processing Pragmatic General Multicast Packets with an Invalid Fragment Option Lets Remote Users Deny Service
SecurityTracker Alert ID:  1020231
SecurityTracker URL:  http://securitytracker.com/id/1020231
CVE Reference:   CVE-2008-1441   (Links to External Site)
Updated:  Jun 14 2008
Original Entry Date:  Jun 10 2008
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, XP SP3, Vista SP1, 2008; and prior service packs
Description:   A vulnerability was reported in Windows Pragmatic General Multicast support. A remote user can cause denial of service conditions.

A remote user can send a Pragmatic General Multicast (PGM) protocol packet with a specially crafted fragment option value to cause the target system to become non-responsive for the duration of the attack.

Impact:   A remote user can cause the target system to become non-responsive for the duration of the attack.
Solution:   The vendor has issued the following fixes.

Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=36b14a81-5979-4e38-9ba3-ed83dfc17adf

Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=9e9d24ee-8183-428c-8067-168a8d85eaa1

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=1e8e2faf-009f-403b-a5fe-a47cf014db3a

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=78bf92d8-63c4-4596-8425-8fcfea7f5582

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=5b7e94fa-22ed-4f7c-b452-647b2e620113

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=ef2d2a4b-4831-41be-b5d0-8df5b01fd205

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=0839fcf4-85ca-445e-896b-f634b10b6700

Windows Server 2008 for 32-bit Systems*:

http://www.microsoft.com/downloads/details.aspx?familyid=0466a6e7-fdca-4647-af62-449e5f20d1e4

Windows Server 2008 for x64-based Systems*:

http://www.microsoft.com/downloads/details.aspx?familyid=304898e6-21a7-476f-b9ed-7ac0d88a91e2

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=8907783b-e3fe-40b2-9fc8-4937e7d58b7e

* = Windows Server 2008 is not affected if installed using the Server Core installation option.

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx

On June 14, 2008 (UTC), Microsoft issued an advisory warning that the System Center Configuration Manager 2007 may fail to deploy these updates to Systems Management Services (SMS) 2003 clients:

http://www.microsoft.com/technet/security/advisory/954474.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-036.mspx (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC