Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA26001] Windows Vista Firewall Teredo Blocking Rule Security Bypass



;-)

> ----------------------------------------------------------------------
>
> TITLE:
> Windows Vista Firewall Teredo Blocking Rule Security Bypass
>
> SECUNIA ADVISORY ID:
> SA26001
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26001/
>
> CRITICAL:
> Not critical
>
> IMPACT:
> Security Bypass
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Microsoft Windows Vista
> http://secunia.com/product/13223/
>
> DESCRIPTION:
> A security issue has been reported in Windows Vista, which can be
> exploited by malicious people to bypass certain security
> restrictions.
>
> The problem is caused due to an error in the handling of the Teredo
> transport mechanism resulting in network traffic being handled
> incorrectly through the Teredo interface. This may result in certain
> firewall rules being bypassed.
>
> Successful exploitation may disclose certain information about a
> system and its existence, but requires that the system's network
> profile is not set to "Public" and that a user e.g. is tricked into
> clicking a specially crafted link.
>
> SOLUTION:
> Apply patches.
>
> Windows Vista:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=e9b64746-6afa-4a30-833d-e058e000c821
>
> Windows Vista x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=0df5d190-3ad7-42d5-8629-43c47ec450cb
>
> PROVIDED AND/OR DISCOVERED BY:
> Jim Hoagland and Ollie Whitehouse, Symantec.
>
> ORIGINAL ADVISORY:
> MS07-038 (KB935807):
> http://www.microsoft.com/technet/security/Bulletin/MS07-038.mspx
>
> Symantec:
> http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt
>



 




Copyright © Lexa Software, 1996-2009.