Dear Andrey, can you give your comments on why vulnerability that looks so dangerous according to description (remote kernel-level buffer overflow in ICMP processing, according to MS) rated "high", not "critical"? Are there are mitigating factors for Windows 2003 with RRAS enabled or any RRAS installation is vulnerable? P.S. last instruction I've got was to publish information only after vendor's fix. I did :) --Wednesday, June 28, 2006, 11:01:51 PM, you wrote to 3APA3A@xxxxxxxxxxxxxxxx: Ì> Hi All, Ì> At the request Microsoft I have not published the additional Ì> information. I did not think, that the ZARAZA will publish simple POC Ì> without my consent but to that to be, that to not pass. Denis you can Ì> check up you system simple POC code from a site of the ZARAZA, only if Ì> configuration system corresponds Windows 2000 + NAT a server. In all Ì> other cases with services RRAS (Routing, VPN, Dialup Access) it will Ì> not work. Ì> Tuesday, June 27, 2006, 1:28:03 PM, you wrote: >> Dear Denis Jedig, >> Simple PoC and original message from Andrey Minaev, dated February, 2006 >> in Russian with short translation to English) are available from >> http://www.security.nnov.ru/Fnews753.html DJ>>> As known, Microsoft did announce a security vulnerability concerning an DJ>>> overflow within the TCP/IP stack implementation when source routing DJ>>> fields are used: DJ>>> http://www.microsoft.com/technet/security/bulletin/MS06-032.mspx -- ~/ZARAZA http://www.security.nnov.ru/
