Windows : Microsoft Bulletins : Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.801484

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS08-047.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS08-047.

Vulnerability Insight:
The flaw is caused by an error when the default IPsec policy is imported from
a Windows Server 2003 domain to a Windows Server 2008 domain, which could
cause all IPsec rules to be ignored and network traffic to be transmitted
in clear text.

Vulnerability Impact:
Successful exploitation will result in systems ignoring IPsec policies and
thus transmit data otherwise intended to be encrypted in clear text.

Affected Software/OS:
- Microsoft Windows Vista Service Pack 1 and prior

- Microsoft Windows Server 2008 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-2246
BugTraq ID: 30634
http://www.securityfocus.com/bid/30634
Cert/CC Advisory: TA08-225A
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
HPdes Security Advisory: HPSBST02360
http://marc.info/?l=bugtraq&m=121915960406986&w=2
HPdes Security Advisory: SSRT080117
Microsoft Security Bulletin: MS08-047
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060
http://www.securitytracker.com/id?1020678
http://secunia.com/advisories/31411
http://www.vupen.com/english/advisories/2008/2351

Copyright Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.801484
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS08-047.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-047. Vulnerability Insight: The flaw is caused by an error when the default IPsec policy is imported from a Windows Server 2003 domain to a Windows Server 2008 domain, which could cause all IPsec rules to be ignored and network traffic to be transmitted in clear text. Vulnerability Impact: Successful exploitation will result in systems ignoring IPsec policies and thus transmit data otherwise intended to be encrypted in clear text. Affected Software/OS: - Microsoft Windows Vista Service Pack 1 and prior - Microsoft Windows Server 2008 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2246 BugTraq ID: 30634 http://www.securityfocus.com/bid/30634 Cert/CC Advisory: TA08-225A http://www.us-cert.gov/cas/techalerts/TA08-225A.html HPdes Security Advisory: HPSBST02360 http://marc.info/?l=bugtraq&m=121915960406986&w=2 HPdes Security Advisory: SSRT080117 Microsoft Security Bulletin: MS08-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060 http://www.securitytracker.com/id?1020678 http://secunia.com/advisories/31411 http://www.vupen.com/english/advisories/2008/2351
Copyright	Copyright (C) 2010 Greenbone AG