Title: Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
Severity: MODERATE
Description:
Windows Firewall for Windows Vista is the firewall solution shipped as part of the Microsoft Vista operating system; it is enabled by default. Teredo is an IPv4-to-IPv6 transition mechanism for IPv6-capable hosts that are located behind an IPv4 NAT.
The software is prone to a vulnerability that may permit a bypass of existing firewall rules. The problem occurs because the firewall fails to properly enforce rules when accepting traffic through the Teredo interface. Specifically, traffic routed through the Teredo interface is improperly treated as coming from the local network.
An attacker may trigger this vulnerability by sending malicious network data through the Teredo network transport system to obtain sensitive information; other attacks are also possible.
Note that Windows Vista systems configured with a 'Public' network profile are not vulnerable to this issue. A system configured with a 'Private' network profile will expose the TCP port 5357 through the Teredo interface.
Affected Products:
- Avaya CIE 1.0.2
- Microsoft Windows Vista
- Microsoft Windows Vista Beta 1
- Microsoft Windows Vista Business
- Microsoft Windows Vista Enterprise
- Microsoft Windows Vista Home Basic
- Microsoft Windows Vista Home Premium
- Microsoft Windows Vista Ultimate
- Microsoft Windows Vista beta
- Microsoft Windows Vista beta 2
- Microsoft Windows Vista x64 Edition
References:
- Avaya: ASA-2007-299 MS07-038 Vulnerability in Windows Vista Firewall Could Allow Inform
- Microsoft: MS07-038 - Vulnerability in Windows Vista Firewall Could Allow Information Discl
- Microsoft: Microsoft Windows Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
