
SANS ISC: MS06-032: Source routing buffer overflow - Internet Security | DShield SANS ISC InfoSec Forums


MS06-032: Source routing buffer overflow
MS06-032 - KB 917953

While Microsoft rates this only as important, we at the Internet Storm Center feel that it is very critical. It is easy to exploit: one (spoofed) packet could allow an attacker to "own" a vulnerable system. The TCP/IP stack is vulnerable to a buffer overflow in the handling of source-routed packets.

While some firewalls might protect against this, consider systems that are used on the road, such as in airports and hotels. They must be protected now.

Workarounds:
  • Block packets with source routing options at the firewall. According to Microsoft, "IP source route options 131 and 137" are the dangerous ones, but why would you allow source routing through your firewall anyway?
  • A personal firewall might help as well.
  • Disable source routing in Windows by setting a registry key (see the Microsoft bulletin for details) [highly recommended action, even if you have patched already].
This vulnerability is covered in CVE-2005-2379.

--
Swa Frantzen -- section 66

