7.8 - VU#101321

Executive Summary

Summary
Title	Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability

Informations
Name	VU#101321	First vendor Publication	2007-07-10
Vendor	VU-CERT	Last vendor Modification	2007-07-11
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#101321

Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability

Overview

A vulnerability in the Microsoft Windows Vista firewall may allow an attacker to send unfiltered IPv6 traffic to a vulnerable system.

I. Description

Internet Protocol version 6 (IPv6) is an IP standard that is designed to replace the Internet Protocol version 4 (IPv4). The Microsoft Teredo service is used by Microsoft Windows Vista, XP, and Server 2003 to allow clients with only IPv4 connectivity to obtain and use publicly routable IPv6 addresses.

The Teredo service must be manually enabled by an administrator in Windows XP and Server 2003. The Teredo service is enabled by default in Windows Vista, but is not activated until an application requests an IPv6 address.

The Windows firewall does not properly apply stateful packet inspection rules to incoming Teredo traffic.

Note that the Teredo service may create a tunnel through perimeter firewalls, bypassing access control lists and content inspection filtering. See RFC 4380 section 7.1 for more details.

II. Impact

A remote, unautheticated attacker may be able to send unsolicited and unfiltered IPv6 traffic to a vulnerable system.

III. Solution

Update

Microsoft has released an update to address this issue. Users are encourgaed to review Microsoft Security Bulletin MS07-038 and take appropriate action.

Disable Teredo

Disabling the Teredo service will mitigate this vulnerability. See Microsoft Security Bulletin MS07-038 for information on how to disable Teredo.

Systems Affected

Vendor	Status	Date Updated
Microsoft Corporation	Vulnerable	10-Jul-2007

References

http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx
http://tools.ietf.org/html/rfc4380#section-7.1
http://en.wikipedia.org/wiki/IPv6
http://www.microsoft.com/technet/network/ipv6/teredo.mspx
http://www.symantec.com/avcenter/reference/Teredo_Security.pdf

Credit

Thanks to Symantec and Microsoft for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public	07/10/2007
Date First Published	07/10/2007 08:44:33 PM
Date Last Updated	07/11/2007
CERT Advisory
CVE Name	CVE-2007-3038
Metric	1.35
Document Revision	13

Original Source

Url : http://www.kb.cert.org/vuls/id/101321

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1884

Oval ID:	oval:org.mitre.oval:def:1884
Title:	Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability
Description:	The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-3038	Version:	1
Platform(s):	Microsoft Windows Vista	Product(s):
Definition Synopsis:
Windows Vista (32-bit) Microsoft Windows Vista (32-bit) is installed AND firewallapi.dll version is less than 6.0.6000.16501 OR Windows Vista x64 Microsoft Windows Vista x64 Edition is installed AND firewallapi.dll version is less than 6.0.6000.16501

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista:::x64:::::* cpe:2.3:o:microsoft:windows_vista::::::::	2

OpenVAS Exploits

Date	Description
2011-01-14	Name : Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability File : nvt/gb_ms07-038.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
35952	Microsoft Windows Vista Teredo Crafted IPv6 Traffic Blocking Rule Bypass

Snort® IPS/IDS

Date	Description
2014-01-10	Inbound Teredo traffic detected RuleID : 12068 - Revision : 6 - Type : POLICY-OTHER
2014-01-10	Outbound Teredo traffic detected RuleID : 12067 - Revision : 6 - Type : POLICY-OTHER
2014-01-10	Inbound Teredo traffic detected RuleID : 12066 - Revision : 7 - Type : POLICY-OTHER
2014-01-10	Outbound Teredo traffic detected RuleID : 12065 - Revision : 6 - Type : POLICY-OTHER

Nessus® Vulnerability Scanner

Date	Description
2007-07-10	Name : The remote Windows Vista system contains a firewall that is affected by an in... File : smb_nt_ms07-038.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-05-08 13:27:58	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	2
osvdb(s)	1
Openvas Exploit(s)	1
Snort® Rule(s)	4
Nessus® Exploit(s)	1

	Related
7.8	MS07-038
7.8	CVE-2007-3038
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)