Preemptive Protection against Microsoft IP Validation Vulnerability (MS05-019)
|Category:||Remote Code Execution|
Microsoft Windows 98
Microsoft Security Bulletin MS05-19
A vulnerability exists in the way Microsoft Windows operating systems process IP (Internet Protocol) packets, caused by improper validation of IP network packets. This flaw may allow a malicious user to send a specially crafted packet, causing a denial of service and in some cases, remote code execution.
The Internet Protocol (IP) is the most widely used communication protocol on the Internet. By sending a crafted IP packet to a vulnerable system, an attacker may create a denial of service condition, and in some cases, a remote execution of arbitrary code. The malformed packet must include IP option values which can pass the initial IP validation checks of the Windows operating system's IP stack. The vulnerability may be triggered only after the packet has passed the initial validation tests.
Users of VPN-1 NG with Application Intelligence R54 and later versions who have applied the solution outlined below, will be able to detect attempts to exploit this vulnerability. SmartView Tracker will generate he following log entry:
Users of VPN-1 NG with Application Intelligence R54 and later versions are preemptively protected against this vulnerability, as VPN-1 drops IP packets with IP options by default.
Users should verify that VPN-1 generates log entries for dropped packets with IP options:
1. On the SmartDashboard, click Policy > Global Properties.