MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote host IPsec policy processing could lead to information
disclosure.

Description :

The remote version of Windows contains a bug in its IPsec
implementation which might lead to information disclosure.

Specifically, when importing a Windows Server 2003 IPsec policy into a
Windows Server 2008 domain, the system could ignore the IPsec policies
and transmit the traffic in clear text.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms08-047

Solution :

Microsoft has released a set of patches for Windows Vista and Server
2008.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 4.5
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 33876 ()

Bugtraq ID: 30634

CVE ID: CVE-2008-2246