MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

medium Nessus Plugin ID 33876

Synopsis

The remote host IPsec policy processing could lead to information disclosure.

Description

The remote version of Windows contains a bug in its IPsec implementation which might lead to information disclosure.

Specifically, when importing a Windows Server 2003 IPsec policy into a Windows Server 2008 domain, the system could ignore the IPsec policies and transmit the traffic in cleartext.

Solution

Microsoft has released a set of patches for Windows Vista and Server 2008.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-047

Plugin Details

Severity: Medium

ID: 33876

File Name: smb_nt_ms08-047.nasl

Version: 1.27

Type: local

Agent: windows

Published: 8/13/2008

Updated: 1/26/2022

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/12/2008

Vulnerability Publication Date: 8/12/2008

Reference Information

CVE: CVE-2008-2246

BID: 30634

CWE: 200

MSFT: MS08-047

MSKB: 953733

IAVT: 2008-T-0038-S