CVE-2007-0069 - Remote Buffer Overflow vulnerability in Microsoft Windows 2003 Server, Windows Vista and Windows XP
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 3 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS08-001.NASL |
description | The remote version of Windows contains a version of the TCP/IP protocol that does not properly parse IGMPv3, MLDv2 and ICMP structure. An attacker may exploit these flaws to execute code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29893 |
published | 2008-01-08 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29893 |
title | MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) |
Oval
accepted | 2011-11-14T04:00:27.961-05:00 |
class | vulnerability |
description | Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:5370 |
status | accepted |
submitted | 2008-01-08T14:23:12 |
title | Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability |
version | 44 |
Seebug
bulletinFamily | exploit |
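description | BUGTRAQ ID: 27100. CVE(CAN) ID: CVE-2007-0069. Microsoft Windows is a very popular operating system released by Microsoft. The TCP/IP implementation in the Windows kernel (tcpip.sys) contains a buffer overflow vulnerability in the way it handles the TCP/IP structures that store IGMPv3 and MLDv2 query state; a remote attacker may exploit this vulnerability to take control of the server. An anonymous attacker can exploit this vulnerability by sending specially crafted IGMPv3 and MLDv2 packets to a computer over the network. An attacker who successfully exploits this vulnerability can take complete control of the affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Affected systems: Microsoft Windows XP SP2; Microsoft Windows Vista; Microsoft Windows Server 2003 SP2; Microsoft Windows Server 2003 SP1. Workarounds: * Disable processing of IGMP and MLD: 1. Click Start, click Run, type regedit, and then click OK. 2. Expand HKEY_LOCAL_MACHINE. 3. Expand SYSTEM, then CurrentControlSet, then Services. 4. Expand TCPIP, then Parameters, then IGMPLevel. 5. Change the DWORD value to 0. Note: You must restart the system for the change to take effect. * Block IGMP and MLD at the perimeter firewall. * Block inbound IGMP and MLD on the Vista firewall: click Control Panel, click Administrative Tools, and then double-click Windows Firewall with Advanced Security. To block IGMP: 1. Select Inbound Rules. 2. Select "Core Networking - Internet Group Management Protocol (IGMP-In)". 3. Right-click and select Properties. 4. Select Block the connection. To block MLD: 1. Select Inbound Rules. 2. Select "Core Networking - Multicast Listener Query (ICMPv6-In)". 3. Right-click and select Properties. 4. Select Block the connection. Vendor patch: Microsoft has released a security bulletin (MS08-001) and a corresponding patch for this issue: MS08-001: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644). Link: http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx?pf=true |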
id | SSV:2795 |
last seen | 2017-11-19 |
modified | 2008-01-10 |
published | 2008-01-10 |
reporter | Root |
title | Microsoft Windows TCP/IP Implementation IGMP and MLD Packet Remote Overflow Vulnerability (MS08-001) |
References
- http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx
- http://secunia.com/advisories/28297
- http://securitytracker.com/id?1019166
- http://www.iss.net/threats/282.html
- http://www.kb.cert.org/vuls/id/115083
- http://www.securityfocus.com/archive/1/486317/100/0/threaded
- http://www.securityfocus.com/bid/27100
- http://www.us-cert.gov/cas/techalerts/TA08-008A.html
- http://www.vupen.com/english/advisories/2008/0069
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39453
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5370