Tuesday, November 25, 2008 9:32 AM
cmosby
Windows Vista "CreateIpForwardEntry2()" Memory Corruption Vulnerability - Secunia
Windows Vista "CreateIpForwardEntry2()" Memory Corruption Vulnerability
| Secunia Advisory: | SA32791 | |
| Release Date: | 2008-11-24 |
| Popularity: | 902 views |
|
| Critical: | 
Not critical |
| Impact: | DoS
|
| Where: | Local system |
| Solution Status: | Unpatched |
|
| OS: | Microsoft Windows Vista
|
|
| Subscribe: | Instant alerts on relevant vulnerabilities  |
|
Description:
A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to the "CreateIpForwardEntry2()" function not properly limiting the length of the IP address prefix of the destination IP address passed via the "MIB_IPFORWARD_ROW2" structure. This can be exploited to cause a buffer overflow and e.g. crash a vulnerable system.
Successful exploitation requires that the attacker is a member of the "Network Configuration Operators Group".
The vulnerability is reported in Microsoft Windows Vista Enterprise (32 bit and 64 bit) and Microsoft Windows Vista Ultimate (32 bit and 64 bit). Other versions may also be affected.
Solution:
Only add trusted users to the "Network Configuration Operators Group".
Provided and/or discovered by:
Marius Wachtler, Michael Burgbacher, Carson Hounshell, Michael Craggs, and Thomas Unterleitner of phion AG
Original Advisory:
http://marc.info/?l=bugtraq&m=122711627932563&w=2 |
Filed under: Patch Management, Microsoft Windows, Security