{"vuid":"VU#631516","idnumber":"631516","name":"Microsoft Routing and Remote Access does not properly handle RPC requests","keywords":["Microsoft","Routing and Remote Access","RRAS","remote code execution","buffer overflow","ms06-june","MS06-025"],"overview":"There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system.","clean_desc":"The Routing and Remote Access Service (RRAS) allows computers running the Windows 2000, XP, and Server 2003 operating systems to act as dial-up remote access server, virtual private network (VPN) server, Internet Protocol (IP) router, network address translator (NAT), and a dial-up and VPN site-to-site demand-dial router. RRAS replaced Remote Access Service (RAS) which was in Microsoft Windows NT. There is an buffer overflow in the way Routing and Remote Access service handles RPC requests. Microsoft reports that Windows 2000, Windows XP and Windows Server 2003 are vulnerable, but the RRAS service is not started by default on any platform except Windows 2000 Service Pack 4. Windows98 and Windows ME are not vulnerable. End-of-life Microsoft operating systems that use ICS (Internet Connection Sharing) may be vulnerable. Also, Microsoft ISA server requires the installation of a Windows 2000 or 2003 server operating system. Exploit code for this vulnerability is publicly available.","impact":"A remote attacker could execute arbitrary code on a vulnerable system. This includes installing programs, and viewing, changing, or deleting data. The attacker may also create a denial-of-service condition.","resolution":"Apply an Update Apply the updates found in MS06-025.","workarounds":"Restrict Access Restrict access to trusted hosts for ports 135/udp, 137/udp, 138/udp, 445/udp, 135/tcp, 139/tcp, 445/tcp, 593/tcp and any other ports used for RPC connections. Please see Microsoft Knowledgebase articles 826382, 309798, 313190, and 813878 for information about RPC ports and filtering. Disable Unnecessary Services Do not Enable the Routing and Remote Access Service if it is not needed.","sysaffected":"","thanks":"Thanks to Microsoft for the information provided in \nMS06-025","author":"This document was written by Ryan Giobbi.","public":["http://www.microsoft.com/technet/security/bulletin/ms06-025.mspx","http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfc_por_gdqc.asp","http://support.microsoft.com/kb/309798","http://support.microsoft.com/kb/313190","http://support.microsoft.com/kb/813878"],"cveids":["CVE-2006-2370"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-13T18:26:50Z","publicdate":"2006-06-13T00:00:00Z","datefirstpublished":"2006-06-13T21:55:39Z","dateupdated":"2006-07-31T18:12:39Z","revision":21,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"1","cam_internetinfrastructure":"16","cam_population":"15","cam_impact":"19","cam_easeofexploitation":"7","cam_attackeraccessrequired":"1","cam_scorecurrent":"1.197","cam_scorecurrentwidelyknown":"1.38403125","cam_scorecurrentwidelyknownexploited":"2.09475","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.197,"vulnote":null}