ISS X-Force Database: win-vista-firewall-information-disclosure(35322): Microsoft Windows Vista firewall information disclosure

Microsoft Windows Vista firewall information disclosure

win-vista-firewall-information-disclosure (35322)

Low Risk

Description:

Microsoft Windows Vista could allow a remote attacker to obtain sensitive information, caused by a security weakness in the Teredo interface. Once a remote connection is established to the Teredo interface, the address is incorrectly identified as originating from the local subnet. This could allow a remote attacker to bypass firewall settings and possibly obtain sensitive information about the system.

Platforms Affected:

Microsoft, Windows Vista x64
Microsoft, Windows Vista

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS07-038. See References.

Consequences:

File Manipulation

References:

HPSBST02243 SSRT071446 rev.1, Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-036 to MS07-041 at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01112990&jumpid=reg_R1002_USEN.
Microsoft Security Bulletin MS07-038, Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807) at http://www.microsoft.com/technet/security/Bulletin/MS07-038.mspx.
SYMSA-2007-005, Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface at http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt.
ASA-2007-299: MS07-038 Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
BID-24779: Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
CVE-2007-3038: The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.
SA26001: Windows Vista Firewall Teredo Blocking Rule Security Bypass
SECTRACK ID: 1018354: Windows Vista Firewall Teredo Interface Discloses Network Information to Remote Users and May Let Remote Users Bypass Firewall Rules
US-CERT VU#101321: Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability
VUPEN/ADV-2007-2480: Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability (MS07-038)

Reported:

Jul 10, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page