VPN Flaw Could Clear Way for Hackers

By Dennis Fisher  |  Posted 2002-09-27

Austrian security company says flaw in VPN service included with Windows 2000 and XP could let attackers through corporate firewalls.

There is a serious flaw in the VPN service included with Windows 2000 and XP that could provide an attacker with a clear path through corporate firewalls, according to an Austrian security company. The VPN (virtual private network) client and server that ship with Windows 2000 and XP use PPTP (Point-to-Point Tunneling Protocol) for secure transmissions between remote clients and the server inside the firewall. Researchers at Phion Information Technologies have found a way to send a specially crafted PPTP packet to the server, which results in a buffer overrun. The exploit would result in the attacker's data overwriting a portion of the machine's kernel memory, Phion said in its bulletin.
However, a Microsoft spokesman said the company's Security Response Center has been unable to reproduce the code-execution exploit. As of Friday afternoon, the company was still investigating the issue.
Phion also said it had used the exploit to cause a denial-of-service on machines running Windows 2000 Service Pack 3 or XP. Microsoft has not issued a patch for the vulnerability. If what Phion says is true, the vulnerability is potentially a very damaging one. VPNs are typically used by remote corporate workers who need secure access to their companies' networks. An attacker exploiting this flaw would have a clear, secure tunnel directly into the heart of a vulnerable network. Phion posted its advisory to the BugTraq security mailing list Thursday.
