Windows RRAS memory corruption vulnerability

Added: 06/30/2006
CVE: CVE-2006-2370
BID: 18325
OSVDB: 26437

Background

The Routing and Remote Access Service (RRAS) allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator.

Problem

A buffer overflow in RRAS allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 06-025.

References

http://www.kb.cert.org/vuls/id/631516

Limitations

The Remote Access Connection Manager service must be running in order for this exploit to succeed.

On Windows 2000, the Routing and Remote Access service must also be running and configured, and valid Windows login credentials are required. (Credentials are not required on Windows XP.)

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows 2000. These packages are available from http://cpan.org/modules/by-module/.

Platforms

Windows 2000
Windows XP

Back to exploit index