Windows TCP/IP Stack Flaws Let Remote Users Execute Arbitrary Code and Deny Service
|
SecurityTracker Alert ID: 1022845
|
SecurityTracker URL: http://securitytracker.com/id/1022845
|
CVE Reference:
CVE-2009-1925, CVE-2009-1926
|
Updated: Sep 10 2009
|
Original Entry Date: Sep 8 2009
|
Impact:
Denial of service via network, Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2000 SP4, 2003 SP2, Vista SP2, 2008 SP2, XP SP3; and prior service packs
|
Description:
A vulnerability was reported in the Microsoft Windows TCP/IP Stack. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send TCP packets with specially crafted timestamp values to cause the TCP/IP stack to reference an arbitrary field as a function pointer and execute arbitrary code on the target system [CVE-2009-1925]. The code will run with System privileges.
A remote user can send specially crafted TCP packets with a small or zero TCP receive window size to prevent the target system from closing the TCP connection [CVE-2009-1926]. This can be exploited to cause the system to stop responding to new requests. Felix Lindner of Recurity Labs GmbH reported this vulnerability.
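A defensive check for the CVE-2009-1926 pattern described above, as an added example that is not part of the original advisory or the vendor bulletin: it flags remote peers that hold several connections at a small or zero advertised receive window. The thresholds, function names and sample records are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, RST, ACK = 0x01, 0x04, 0x10
SMALL_WINDOW = 16     # bytes; assumed threshold, tune per environment
STALL_SECONDS = 30.0  # assumed: how long a window may stay closed
MIN_CONNS = 3         # assumed: stalled connections per peer before alerting

def parse_tcp_header(segment: bytes):
    """Return (src_port, dst_port, flags, window) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    if (off_flags >> 12) < 5:
        raise ValueError("data offset below minimum header length")
    return sport, dport, off_flags & 0xFF, window

def find_stalled_peers(observations):
    """observations: time-ordered (timestamp, peer_ip, raw_header) tuples for
    segments received from remote peers. Returns {peer_ip: stalled_count}."""
    stalled_since = {}          # connection key -> first time seen at small/zero window
    flagged = defaultdict(set)  # peer_ip -> connections stalled past the threshold
    for ts, peer, seg in observations:
        try:
            sport, dport, flags, window = parse_tcp_header(seg)
        except ValueError:
            continue            # skip malformed captures
        key = (peer, sport, dport)
        # RST/FIN ends the connection; a larger window means the peer reads again.
        # The raw 16-bit field is used: window scaling cannot make zero non-zero.
        if flags & (RST | FIN) or window > SMALL_WINDOW:
            stalled_since.pop(key, None)
            flagged[peer].discard(key)
            continue
        if ts - stalled_since.setdefault(key, ts) >= STALL_SECONDS:
            flagged[peer].add(key)
    return {p: len(k) for p, k in flagged.items() if len(k) >= MIN_CONNS}

def _hdr(sport, dport, flags, window):
    """Build a minimal 20-byte TCP header for the constructed sample below."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, window, 0, 0)

# Constructed sample: one peer holds three connections at zero window for 45 s,
# another briefly advertises zero window and then reopens it.
SAMPLE = sorted(
    [(t, "198.51.100.7", _hdr(p, 80, ACK, 0)) for p in (40001, 40002, 40003) for t in (0.0, 45.0)]
    + [(0.0, "192.0.2.10", _hdr(50000, 80, ACK, 0)),
       (5.0, "192.0.2.10", _hdr(50000, 80, ACK, 8192)),
       (40.0, "192.0.2.10", _hdr(50000, 80, ACK, 8192))],
    key=lambda o: o[0])

if __name__ == "__main__":
    print(find_stalled_peers(SAMPLE))
```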
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
|
Solution:
The vendor has issued the following fixes:
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=48d82036-2fde-4bb0-a60e-92eed83ddc3f
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=e0298ddf-026e-4137-8197-ed9d9b889825
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=c948c4d8-5788-4c1a-9fb6-a969b06a888d
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7d72f845-9feb-4685-a669-f9d6ab54f9ed
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=b2930ff1-5f0a-4a5d-bf2a-9fb76dd8da63
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=35c1d5a9-a953-4fc6-90c0-d2358c7b89e6
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=6e46822e-f79d-492d-ad01-ee680ad324f5
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=2ac76ee2-b1b6-4300-9cba-af33d9dd54eb
A restart is required.
On September 9, 2009, Microsoft updated its Bulletin to indicate that Windows XP SP3 (and prior service packs) is affected. Microsoft does not plan to issue a fix for Windows XP because no listening services are configured by default and, therefore, the default configuration is not affected.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms09-048.mspx
|
Cause:
Access control error, State error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 8 Sep 2009 13:40:10 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx
|
Microsoft Security Bulletin MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
CVE-2008-4609
CVE-2009-1925
CVE-2009-1926