|
| |
|
Security Intelligence Operations
Microsoft Windows Pragmatic General Multicast Fragmented Packet Processing Denial of Service Vulnerability |
| |
| Vulnerability Alert | Powered by  |
|
|
| Threat Type: | Unintended Weakness: Denial of Service |
|
| IntelliShield ID: | 16004 |
| Version: | 2 |
| First Published: | June 10, 2008 03:00 PM EDT |
| Last Published: | June 12, 2008 03:21 PM EDT |
| Vector: | Network |
| Authentication: | None |
| Exploit: | Unproven |
| Port: |
Not Available
|
| CVE: | CVE-2008-1441 |
 BugTraq ID: | 29556 |
| |
| Urgency: |
Unlikely Use
|  |
| Credibility: |
Confirmed
|  |
| Severity: |
Mild Damage
|  |
| CVSS Base: | 5.4 |
CVSS Calculator
CVSS Version 2
|
| CVSS Temporal: | 4.0 |
|
|
| |
| Version Summary: | IntelliShield has updated this alert to include common vulnerability identification information. |
| |
| |
| Description |
|
Microsoft Windows XP SP3 and prior, Windows Server 2003 SP2 and prior, Windows Vista SP1 and prior, and Windows Server 2008 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability exists due to an error in processing fragmented Pragmatic General Multicast (PGM) packets. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious stream of multicast packets to an affected system. The affected system may become unresponsive as a result of processing the packets, resulting in a DoS condition.
Microsoft has confirmed this vulnerability in a security bulletin and released software updates that correct it. |
| |
| Warning Indicators |
|
The following applications are vulnerable:
-
Windows XP SP3 and prior
-
Windows XP Professional x64 Edition SP2 and prior
-
Windows Server 2003 SP2 and prior
-
Windows Server 2003 x64 Edition SP2 and prior
-
Windows Server 2003 for Itanium-based Systems with SP2 and prior
-
Windows Vista SP1 and prior
-
Windows Vista x64 Edition SP1 and prior
-
Windows Server 2008 for 32-bit Systems
-
Windows Server 2008 for 64-bit Systems
-
Windows Server 2008 for Itanium-based Systems |
| |
| IntelliShield Analysis |
|
To exploit this vulnerability, an attacker must send a stream of network packets to a targeted system. Attackers may require access to internal networks in order to send packets to a system. An exploit could allow the attacker to cause the affected system to become unresponsive. A system will be unresponsive only while the packet stream continues.
Because multicast packets typically cannot be passed across untrusted networks such as the Internet, it is likely that an attacker will require the ability to connect directly to the trusted network, either directly or using a Multicast VPN (MVPN).
The update available from Microsoft corrects this vulnerability by performing validation on fragmented packet options.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities disclosed in this month's Microsoft security bulletin release that can be identified or mitigated using Cisco devices. This Cisco bulletin is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for June 2008 |
| |
| Vendor Announcements |
|
Microsoft has released a security bulletin at the following link: MS08-036 |
|
| |
| Impact |
|
An unauthenticated, remote attacker could exploit this vulnerability to cause the affected system to become unresponsive, resulting in a DoS condition. |
| |
| Technical Information |
|
Attackers who can submit packets to a listening multicast group could exploit this vulnerability.
This vulnerability exists due to an error when the affected system processes fragmented Pragmatic General Multicast (PGM) packets. The system does not properly handle a stream of packets that contain fragmented options. The system may become unresponsive while it attempts to process a stream of packets.
An unauthenticated, remote attacker could exploit this vulnerability by sending a stream of malicious packets to the affected system. The system may be unable to respond to other requests while it processes the PGM packets. The DoS condition persists only as long as a stream of packets is received, which requires an attacker to maintain open communications with a target system to continue an attack. |
| |
| Safeguards |
|
Administrators are advised to apply the appropriate software updates.
Administrators are advised to restrict network access to affected systems.
Administrators may consider removing the affected component from affected systems.
Administrators are advised to monitor critical systems for service failures that may indicate exploitation. |
| |
| Patches/Software |
|
Microsoft has released updated software at the following links:
|
|
| |
| Alert History |
| |
Version 1, June 10, 2008, 3:00 PM: Microsoft Windows contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are available. |
|
Product Sets |
| |
The security vulnerability applies to the following combinations of products.
|
|
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME. |
|
|
| |
