Alerts
Alerts
Zero-Day Tracker
Common Name:
Internet Connection Sharing DoS
Date Disclosed:
10/28/2006
Expected Patch Release:
Unknown
Vendor:
Microsoft
Application:
Windows XP
Description:
A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft Windows XP. This vulnerability allows a LAN-side attacker to send a specialy-crafted DNS request to a vulnerable host in order to cause a denial of service for the ICS service, which also includes the Windows firewall service, potentially fostering further exploitation when the firewall is taken offline.
Severity:
Medium
Code Execution:
No
Impact:
Remote Shutdown of Windows Firewall from LAN
Thus vulnerability allows for the remote shutdown of the Windows firewall from the LAN side. This attack does not serve as a critical impact vulnerability, but could be used to foster a wider-range of exploitation once the Windows Firewall is disabled. This vulnerability cannot be exploited across the Internet (WAN) side of the network.
Mitigation:
The only form of mitigation for this vulnerability is to deny service to the Internet Connection Sharing Service by disabling the service, or blocking udp/53 on the host running ICS.
Protection:
CVE-2006-5614
First Public PoC Code Disclosure (Denial of Service)
Common Name:
Internet Connection Sharing DoS
Date Disclosed:
10/28/2006
Expected Patch Release:
Unknown
Vendor:
Microsoft
Application:
Windows XP
Description:
A denial of service vulnerability exists within the Internet Connection Sharing service in Microsoft Windows XP. This vulnerability allows a LAN-side attacker to send a specialy-crafted DNS request to a vulnerable host in order to cause a denial of service for the ICS service, which also includes the Windows firewall service, potentially fostering further exploitation when the firewall is taken offline.
Severity:
Medium
Code Execution:
No
Impact:
Remote Shutdown of Windows Firewall from LAN
Thus vulnerability allows for the remote shutdown of the Windows firewall from the LAN side. This attack does not serve as a critical impact vulnerability, but could be used to foster a wider-range of exploitation once the Windows Firewall is disabled. This vulnerability cannot be exploited across the Internet (WAN) side of the network.
Mitigation:
The only form of mitigation for this vulnerability is to deny service to the Internet Connection Sharing Service by disabling the service, or blocking udp/53 on the host running ICS.
Protection:
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
CVE-2006-5614
First Public PoC Code Disclosure (Denial of Service)
