Detections
Analytics

MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

medium Nessus Plugin ID 33876

Language:

Synopsis

The remote host IPsec policy processing could lead to information disclosure.

Description

The remote version of Windows contains a bug in its IPsec implementation which might lead to information disclosure.

Specifically, when importing a Windows Server 2003 IPsec policy into a Windows Server 2008 domain, the system could ignore the IPsec policies and transmit the traffic in cleartext.

Solution

Microsoft has released a set of patches for Windows Vista and Server 2008.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-047

Plugin Details

Severity: Medium

ID: 33876

File Name: smb_nt_ms08-047.nasl

Version: 1.27

Type: local

Agent: windows

Published: 8/13/2008

Updated: 1/26/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/12/2008

Vulnerability Publication Date: 8/12/2008

Reference Information

CVE: CVE-2008-2246

BID: 30634

CWE: 200

IAVT: 2008-T-0038-S

MSFT: MS08-047

MSKB: 953733