Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Vulnerability in Windows Vista Firewall Allows Information Disclosu

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Vulnerability in Windows Vista Firewall Allows Information Disclosure (MS07-038)
Date: 11 Jul 2007 12:01:42 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Vulnerability in Windows Vista Firewall Allows Information Disclosure 
(MS07-038)
------------------------------------------------------------------------


SUMMARY

This moderate security update resolves a privately reported vulnerability. 
This vulnerability could allow incoming unsolicited network traffic to 
access a network interface. An attacker could potentially gather 
information about the affected host.

DETAILS

Vulnerable Systems:
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=e9b64746-6afa-4a30-833d-e058e000c821>
 Windows Vista
 *  
<http://www.microsoft.com/downloads/details.aspx?FamilyId=0df5d190-3ad7-42d5-8629-43c47ec450cb>
 Windows Vista x64 Edition

Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability 
- CVE-2007-3038
There is an information disclosure vulnerability in Windows Vista that 
could allow a remote anonymous attacker to send inbound network traffic to 
the affected system. It would be possible for the attacker to gain 
information about the system over the network.

Workarounds for Windows Vista Firewall Blocking Rule Information 
Disclosure Vulnerability - CVE-2007-3038
Workaround refers to a setting or configuration change that does not 
correct the underlying vulnerability but would help block known attack 
vectors before you apply the update. Microsoft has tested the following 
workarounds and states in the discussion whether a workaround reduces 
functionality:

 * Disable Teredo
You can help protect against this vulnerability by disabling the Teredo 
transport mechanisum. This prevents Teredo from being used as a transport 
or mechanism to traverse the NAT. To do this, follow these steps:

1. Right-click on the Runmenu item and choose Run as elevated.

2. In the Run box, type Netshintter set st disable

 * Disable Teredo by modifying the registry.
Teredo can also be disabled by modifying the Windows registry. Create the 
following registry value to disable Teredo as a transport mechanism.

Note Using Registry Editor incorrectly can cause serious problems that may 
require you to reinstall your operating system. Microsoft cannot guarantee 
that problems resulting from the incorrect use of Registry Editor can be 
solved. Use Registry Editor at your own risk. For information about how to 
edit the registry, view the "Changing Keys And Values" Help topic in 
Registry Editor (Regedit.exe) or view the "Add and Delete Information in 
the Registry" and "Edit Registry Data" Help topics in Regedt32.exe

1. Start, click Run, type regedit" (without the quotation marks), and then 
click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\

 * DisabledComponents.

 * 0x8 to disable Teredo.

Impact of Workaround: If you disable Teredo, depending on network 
configuration, applications that use the Teredo interface will not 
function or be accessible.

 * Block inbound and outbound Teredo UDP traffic using a Windows Vista 
Firewall setting.
A custom firewall rule can be created that blocks all Teredo related 
traffic from communicating with the affected system. To do this, follow 
these steps:

1. Click Control Panel, click Classic View.

2. Click Administrative Tools and then Double-click Windows Firewall with 
Advanced Security.

3. Select Inbound Rules.

4. Select CoreNetworking - Teredo (UDP-In).

5. Right click, select Properties.

6. Select Block the connections .

7. Select Outbound Rules.

8. Select Core Networking - Teredo (UDP-Out).

9. Right click, select Properties.

10. Select Block the connections .

Impact of Workaround: If you block Teredo network traffic using the custom 
Windows Firewall rule, applications that use the Teredo interface will not 
function properly or be accessible.

 * Block Teredo UDP outbound traffic on perimeter firewalls.
Blocking all outbound UDP traffic destined to port 3544 at the network 
perimeter will disallow affected Vista systems from communicating with 
external attempts to exploit the vulnerability.

Impact of Workaround: Depending on network configuration, applications 
that use the Teredo interface will not function or be accessible outside 
of the network perimeter.

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3038> 
CVE-2007-3038


ADDITIONAL INFORMATION

The information has been provided by Microsoft Product Security.
The original article can be found at:  
<http://www.microsoft.com/technet/security/Bulletin/ms07-038.mspx> 
http://www.microsoft.com/technet/security/Bulletin/ms07-038.mspx



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Vulnerability in Windows Vista Firewall Allows Information Disclosure (MS07-038), SecuriTeam <=
Previous by Date:  [NT] Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface, SecuriTeam
Next by Date:  [REVS] Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One), SecuriTeam
Previous by Thread:  [NT] Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface, SecuriTeam
Next by Thread:  [REVS] Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]