CERT-In Vulnerability Note CIVN-2007-83
Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability

Original Issue Date: July 11, 2007

Severity Rating: Low


Systems Affected

•  Windows Vista
•  Windows Vista x64 Edition

Overview

An Information disclosure vulnerability exists in Windows Vista which could allow an attacker to gain information about the vulnerable system and be able to identify it's existence on the network.

Description

Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages.

On Windows Vista, network traffic is handled incorrectly through the Teredo interface which causes some firewall rules to be bypassed. Successful exploitation of this vulnerability could bypass some of the firewall rules of an affected system by tricking a user into clicking on specially crafted link containing an IPv6 address causing the Teredo interface to be activated.

Solution

Apply appropriate updates as mentioned in the Microsoft Security Bulletin MS07-038

Vendor information

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/ms07-038.mspx

References

Secunia:
http://secunia.com/advisories/26001/

Security Tracker:
http://securitytracker.com/alerts/2007/Jul/1018354.html

FrSirt:
http://www.frsirt.com/english/advisories/2007/2480

SecurityFocus:
http://www.securityfocus.com/bid/24779/

Symantec:
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-005.txt

CVE Name:
CVE-2007-3038

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003