From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 11 Jul 2007 12:01:42 +0200
Subject: [NT] Vulnerability in Windows Vista Firewall Allows Information Disclosure (MS07-038)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20070711093227.DDDF15933@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerability in Windows Vista Firewall Allows Information Disclosure
(MS07-038)
------------------------------------------------------------------------
SUMMARY
This moderate security update resolves a privately reported vulnerability.
This vulnerability could allow incoming unsolicited network traffic to
access a network interface. An attacker could potentially gather
information about the affected host.
DETAILS
Vulnerable Systems:
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=e9b64746-6afa-4a30-833d-e058e000c821>; Windows Vista
*
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0df5d190-3ad7-42d5-8629-43c47ec450cb>; Windows Vista x64 Edition
Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability
- CVE-2007-3038
There is an information disclosure vulnerability in Windows Vista that
could allow a remote anonymous attacker to send inbound network traffic to
the affected system. It would be possible for the attacker to gain
information about the system over the network.
Workarounds for Windows Vista Firewall Blocking Rule Information
Disclosure Vulnerability - CVE-2007-3038
Workaround refers to a setting or configuration change that does not
correct the underlying vulnerability but would help block known attack
vectors before you apply the update. Microsoft has tested the following
workarounds and states in the discussion whether a workaround reduces
functionality:
* Disable Teredo
You can help protect against this vulnerability by disabling the Teredo
transport mechanisum. This prevents Teredo from being used as a transport
or mechanism to traverse the NAT. To do this, follow these steps:
1. Right-click on the Runmenu item and choose Run as elevated.
2. In the Run box, type Netshintter set st disable
* Disable Teredo by modifying the registry.
Teredo can also be disabled by modifying the Windows registry. Create the
following registry value to disable Teredo as a transport mechanism.
Note Using Registry Editor incorrectly can cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee
that problems resulting from the incorrect use of Registry Editor can be
solved. Use Registry Editor at your own risk. For information about how to
edit the registry, view the "Changing Keys And Values" Help topic in
Registry Editor (Regedit.exe) or view the "Add and Delete Information in
the Registry" and "Edit Registry Data" Help topics in Regedt32.exe
1. Start, click Run, type regedit" (without the quotation marks), and then
click OK.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\
* DisabledComponents.
* 0x8 to disable Teredo.
Impact of Workaround: If you disable Teredo, depending on network
configuration, applications that use the Teredo interface will not
function or be accessible.
* Block inbound and outbound Teredo UDP traffic using a Windows Vista
Firewall setting.
A custom firewall rule can be created that blocks all Teredo related
traffic from communicating with the affected system. To do this, follow
these steps:
1. Click Control Panel, click Classic View.
2. Click Administrative Tools and then Double-click Windows Firewall with
Advanced Security.
3. Select Inbound Rules.
4. Select CoreNetworking - Teredo (UDP-In).
5. Right click, select Properties.
6. Select Block the connections .
7. Select Outbound Rules.
8. Select Core Networking - Teredo (UDP-Out).
9. Right click, select Properties.
10. Select Block the connections .
Impact of Workaround: If you block Teredo network traffic using the custom
Windows Firewall rule, applications that use the Teredo interface will not
function properly or be accessible.
* Block Teredo UDP outbound traffic on perimeter firewalls.
Blocking all outbound UDP traffic destined to port 3544 at the network
perimeter will disallow affected Vista systems from communicating with
external attempts to exploit the vulnerability.
Impact of Workaround: Depending on network configuration, applications
that use the Teredo interface will not function or be accessible outside
of the network perimeter.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3038>;
CVE-2007-3038
ADDITIONAL INFORMATION
The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/Bulletin/ms07-038.mspx>;
http://www.microsoft.com/technet/security/Bulletin/ms07-038.mspx
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
