J-Security Center

Title: Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability

Severity: HIGH

Description:

The Microsoft Windows Vista operating system is prone to a security-restriction-bypass vulnerability because it fails to properly sanitize user-supplied packet-level data.

The LLTD protocol operates over wired (802.3 Ethernet) and wireless (802.11) media. LLTD enables device discovery via the data-link layer and determines the topology of a network.

The 'MW' characteristic is a single bit (bit 28) in an LLTD 'HELLO' network packet used in Vista communications with hosts on the local network. This bit is set when a device has a web-based administrative interface, accessible via the HTTP protocol.

A 'TLV' type 0x07 field, also in an LLTD 'HELLO' network packet, contains the IPv4 network address of the host that is transmitting this packet.

Attackers may craft a malicious 'HELLO' packet containing the 'MW' characteristic and a spoofed 'TLV' type 0x07 field to cause a malicious remote host to connect to and communicate with the Vista LLTD mapper service.

Attackers can exploit this issue to bypass the security restrictions enforced by Vista and to gain unauthorized access to restricted sites.
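A detection-side check for the condition described above, as an added example that is not part of the original advisory or of any vendor code: it walks the TLV list of a captured 'HELLO' packet and flags the case where the 'MW' bit is set while the TLV type 0x07 address lies outside the local subnet. Assumptions not stated on this page: TLVs are encoded as a one-byte type and one-byte length, the characteristics field is TLV type 0x02 holding a 32-bit big-endian value, type 0x00 ends the list, and the off-subnet test is an illustrative heuristic; the function names are hypothetical.

```python
import ipaddress
import struct

TLV_END = 0x00              # assumed: end-of-properties marker, no length byte
TLV_CHARACTERISTICS = 0x02  # assumed type number of the characteristics field
TLV_IPV4 = 0x07             # from the advisory
MW_BIT = 1 << 28            # from the advisory: bit 28


def parse_tlvs(buf):
    """Return {type: value} for a HELLO TLV list; raise ValueError if malformed."""
    tlvs, i = {}, 0
    while i < len(buf):
        t = buf[i]
        if t == TLV_END:
            return tlvs
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV 0x%02x overruns buffer" % t)
        tlvs[t] = value
        i += 2 + length
    raise ValueError("missing end-of-properties marker")


def check_hello(tlv_bytes, local_net):
    """Return a list of findings for one HELLO TLV list seen on local_net."""
    tlvs = parse_tlvs(tlv_bytes)
    findings = []
    chars = tlvs.get(TLV_CHARACTERISTICS, b"")
    mw = len(chars) == 4 and bool(struct.unpack("!I", chars)[0] & MW_BIT)
    addr = tlvs.get(TLV_IPV4)
    if addr is not None and len(addr) != 4:
        findings.append("TLV 0x07 length is not 4")
    elif mw and addr is not None:
        ip = ipaddress.IPv4Address(addr)
        if ip not in ipaddress.IPv4Network(local_net):
            findings.append("MW set but advertised %s is outside %s" % (ip, local_net))
    return findings


# Constructed samples: TLV lists only, using documentation address ranges.
ON_LINK = bytes.fromhex("020410000000" "0704c0000205" "00")   # 192.0.2.5
OFF_LINK = bytes.fromhex("020410000000" "0704c6336407" "00")  # 198.51.100.7
```

The input is the TLV portion of a frame only; locating it within a captured Ethernet frame is left to the capture tooling in use.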

Affected Products:

  • Microsoft Windows Vista
  • Microsoft Windows Vista Beta 1
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista December CTP
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista beta
  • Microsoft Windows Vista beta 2
