Windows TCP/IP Stack IPv6 and Header Processing Bugs Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1023561
SecurityTracker URL: http://securitytracker.com/id/1023561
CVE Reference: CVE-2010-0239, CVE-2010-0240, CVE-2010-0241, CVE-2010-0242
Date: Feb 9 2010
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Vista SP2, 2008 SP2; and prior service packs
Description:
A vulnerability was reported in the Windows TCP/IP Stack. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send a specially crafted IPv6 Router Advertisement packet to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-0239]. The code will run with the privileges of the target service.
A remote user can send specially crafted Encapsulating Security Payloads (ESP) over UDP datagram fragments to a target system that is running a custom network driver to execute arbitrary code on the target system [CVE-2010-0240].
A remote user can send specially crafted ICMPv6 Route Information packets to trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-0241].
A remote user can send a TCP packet with a specially crafted selective acknowledgment (SACK) value to cause the target system to stop responding and restart [CVE-2010-0242].
Sumit Gwalani, Drew Hintz, and Neel Mehta of the Google Security Team reported three of these vulnerabilities.
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause the target system to stop responding and restart.
Solution:
The vendor has issued the following fixes:
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=71f03946-622c-4403-b94f-f6a3de18a8c3
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=519815fd-707d-476f-9e29-7b03b7a17af5
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=bc451228-3de4-427c-b42f-91f204c708b8
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=3a889152-5d7c-4a3e-b4f1-c6507b739ca0
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=1cd1882b-8e55-47ea-a82a-68bb59a500a7
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-009.mspx
Cause:
Boundary error, Exception handling error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Tue, 09 Feb 2010 19:16:44 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
Microsoft Security Bulletin MS10-009 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
CVE-2010-0239
CVE-2010-0240
CVE-2010-0241
CVE-2010-0242