=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN517
_____________________________________________________________________

DATE                      : 11/10/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003 running IPv6.

======================================================================
http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx


MS06-064 - Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service
            (922819)

Affected Software:

   - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

   - Microsoft Windows XP Professional x64 Edition

   - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
     Pack 1

   - Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
     Windows Server 2003 with SP1 for Itanium-based Systems

   - Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:

   - Microsoft Windows 2000 Service Pack 4

- From Microsoft Security Bulletin MS06-064:

   Vulnerability Details:

   ICMP Connection Reset Vulnerability - CVE-2004-0790:

   A denial of service vulnerability exists in the IPv6 Windows implementation
   of the Internet Control Message Protocol (ICMP). An attacker who successfully
   exploited this vulnerability could cause the affected system to drop an
   existing TCP connection.

   TCP Connection Reset Vulnerability - CVE-2004-0230:

   A denial of service vulnerability exists in the IPv6 Windows implementation
   of TCP. An attacker who successfully exploited this vulnerability could cause
   the affected system to drop an existing TCP connection.

   Spoofed Connection Request Vulnerability - CVE-2005-0688:

   A denial of service vulnerability exists in Windows in the IPv6
   implementation of TCP/IP. An attacker who successfully exploited this
   vulnerability could cause the affected system to stop responding.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================