MS06-032: Source routing buffer overflow

Published: 2006-06-13
Last Updated: 2006-06-13 19:22:16 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
MS06-032 - KB 917953

While Microsoft rates this as important only, we at the Internet Storm Center feel that it is very critical. It is easy to exploit this. One (spoofed) packet could allow an attacker to "own" a vulnerable system. The TCP/IP stack is vulnerable to a buffer overflow in the handling of source routed packets.

While some firewalls might protect from this, consider systems that are used on the road such as in airport, hotels, ... so they must be protected now.

Workarounds:
  • Block packets with source routing options in the firewall. According to Microsoft "IP source route options 131 and 137" are the dangerous ones, but why would you allow source routing through your firewall anyway?
  • Personal firewall might help as well
  • Disable source routing in windows by setting a registry key (see the Microsoft bulletin for details) [highly recommended action, even if you patched already]
This vulnerability is covered in CVE-2005-2379.

--
Swa Frantzen -- section 66


Keywords:
0 comment(s)

Comments


Diary Archives