{"vuid":"VU#238064","idnumber":"238064","name":"Microsoft Remote Installation Service Writable Path Vulnerability","keywords":["Microsoft","Remote Installation Service","RIS","TFTP","ms06-dec"],"overview":"A vulnerability in the way Microsoft Remote Installation Service handles TFTP may allow a remote, unauthorized attacker to create or overwrite arbitrary operating system files.","clean_desc":"Microsoft Remote Installation Service contains a vulnerability in the way that it provides TFTP access. According to Microsoft Security Bulletin ms06-077: The vulnerability is caused by allowing anonymous access to the file structure of a hosted operating system build through the RIS TFTP service. Note that this vulnerability has only been reported to affect Microsoft Windows 2000. Microsoft Remote Installation Service is not installed on Microsoft Windows 2000 by default.","impact":"A remote, unauthenticated attacker may be able to create or overwrite operating system files hosted on the Microsoft Remote Installation Service server, allowing for the insertion of backdoors or other malicious code. As a result, any system subsequently managed by or installed from the vulnerable Remote Installation Server would be fully compromised.","resolution":"Update\nMicrosoft has released an update to address this issue. See Microsoft Security Bulletin ms06-077 for more details.","workarounds":"Apply a Workaround Restrict write access to the TFTP service\nBlock UDP port 69\nDisable the TFTP service See Microsoft Security Bulletin ms06-077 for more details.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin \nms06-077 Microsoft credits Nicolas Ruff for reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx","http://secunia.com/advisories/23312/"],"cveids":["CVE-2006-5584"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-12T19:41:53Z","publicdate":"2006-12-12T00:00:00Z","datefirstpublished":"2006-12-14T21:10:27Z","dateupdated":"2007-01-05T20:36:20Z","revision":16,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"15","cam_impact":"16","cam_easeofexploitation":"13","cam_attackeraccessrequired":"18","cam_scorecurrent":"28.431","cam_scorecurrentwidelyknown":"33.696","cam_scorecurrentwidelyknownexploited":"54.756","ipprotocol":"udp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":28.431,"vulnote":null}