CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%
Added: 06/30/2006
CVE: CVE-2006-2370
BID: 18325
OSVDB: 26437
The Routing and Remote Access Service (RRAS) allows a Windows computer to act as a router, dial-up access server, VPN server, or network address translator.
A buffer overflow in RRAS allows remote attackers to execute arbitrary commands.
Apply the patch referenced in Microsoft Security Bulletin 06-025.
<http://www.kb.cert.org/vuls/id/631516>
The Remote Access Connection Manager service must be running in order for this exploit to succeed.
On Windows 2000, the Routing and Remote Access service must also be running and configured, and valid Windows login credentials are required. (Credentials are not required on Windows XP.)
The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation on Windows 2000. These packages are available from <http://cpan.org/modules/by-module/>.
Windows 2000
Windows XP