Overview
Microsoft Windows implementations of the TCP/IP protocol fail to properly validate IGMP packets, leading to a denial-of-service condition.
Description
TCP and IGMP The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. The Internet Group Management Protocol version 3 (IGMPv3) is defined in RFC 3376 as a protocol to help manage multicast connections over the internet. |
Impact
By sending a specially crafted IGMPv3 packet to a vulnerable system, an unauthenticated, remote attacker could cause that system to stop responding. |
Solution
Apply an Update Microsoft has addressed this issue in Microsoft Security Bulletin MS06-007. |
Please see Microsoft Security Bulletin MS06-007 for a list of workarounds to mitigate this vulnerability. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin MS06-007. Microsoft credits Douglas Nascimento of Datacom with providing information regarding this issue.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2006-0021 |
| Severity Metric: | 21.00 |
| Date Public: | 2006-02-14 |
| Date First Published: | 2006-02-14 |
| Date Last Updated: | 2006-02-19 13:38 UTC |
| Document Revision: | 20 |