MS06-032: Source routing buffer overflow
MS06-032 - KB 917953
While Microsoft rates this as important only, we at the Internet Storm Center feel that it is very critical. It is easy to exploit this. One (spoofed) packet could allow an attacker to "own" a vulnerable system. The TCP/IP stack is vulnerable to a buffer overflow in the handling of source routed packets.
While some firewalls might protect from this, consider systems that are used on the road, such as in airports, hotels, ... so they must be protected now.
Workarounds:
- Block packets with source routing options in the firewall. According to Microsoft "IP source route options 131 and 137" are the dangerous ones, but why would you allow source routing through your firewall anyway?
- A personal firewall might help as well.
- Disable source routing in Windows by setting a registry key (see the Microsoft bulletin for details) [highly recommended action, even if you patched already]
--
Swa Frantzen -- section 66
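
The first workaround depends on recognising IP options 131 (loose source route) and 137 (strict source route) in the IPv4 header. The Python below is an added example, not part of the original diary or of any Microsoft or ISC tooling; it walks the option list of a raw IPv4 header and reports those two options. The function names, the "MALFORMED" label and the sample headers are constructed for illustration.

```python
import struct

# Option types quoted in the diary: 131 (loose) and 137 (strict) source route.
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}

def find_source_route_options(packet: bytes) -> list:
    """Return the source-routing options present in an IPv4 header.

    An option list that cannot be walked cleanly is reported as "MALFORMED"
    so that a filter drops it rather than forwarding it.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4          # IHL is in 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IPv4 header length")
    options, found, i = packet[20:header_len], [], 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:                        # End of Option List
            break
        if opt_type == 1:                        # No-Operation, one byte
            i += 1
            continue
        # All other options are encoded as type, length, data.
        opt_len = options[i + 1] if i + 1 < len(options) else 0
        if opt_len < 2 or i + opt_len > len(options):
            found.append("MALFORMED")
            break
        if opt_type in SOURCE_ROUTE_OPTIONS:
            found.append(SOURCE_ROUTE_OPTIONS[opt_type])
        i += opt_len
    return found

def should_drop(packet: bytes) -> bool:
    """Filter decision matching the first workaround: drop on any finding."""
    return bool(find_source_route_options(packet))

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header (documentation addresses, checksum 0)."""
    padded = options + b"\x00" * (-len(options) % 4)
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(padded) // 4), 0,
                       20 + len(padded), 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + padded

# Constructed samples: plain header, NOP + LSRR, SSRR.
PLAIN = build_header()
LSRR = build_header(bytes([1, 131, 7, 4, 203, 0, 113, 9]))
SSRR = build_header(bytes([137, 7, 4, 203, 0, 113, 9]))
```

Only the IPv4 header is inspected, so the same check can run on a capture file or on packets handed over by a filtering hook.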