Alert: Microsoft Security Bulletin - MS03-009
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 03/19/03
Date: Wed, 19 Mar 2003 14:38:37 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS03-009.asp
Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065)
Originally posted: March 19, 2003
Summary
Who should read this bulletin: System administrators running Microsoft® Internet Security and Acceleration (ISA) Server 2000.
Impact of vulnerability: Denial of Service
Maximum Severity Rating: Moderate
Recommendation: System administrators should consider installing the patch.
End User Bulletin: An end user version of this bulletin is available at: http://www.microsoft.com/security/security_bulletins/ms03-009.asp.
Affected Software:
- Microsoft ISA Server
Technical description:
Microsoft Internet Security and Acceleration (ISA) Server 2000 contains the ability to apply application filters to incoming traffic. Application filters allow ISA Server to analyze a data stream for a particular application and provide application-specific processing including inspecting, screening or blocking, redirecting, or modifying the data as it passes through the firewall. This mechanism is used to protect against invalid URLs which may indicate attempted attacks as well as attacks against internal Domain Name Service (DNS) Servers.
A flaw exists in the ISA Server DNS intrusion detection application filter because the filter does not properly handle a specific type of request when scanning incoming DNS requests.
An attacker could exploit the vulnerability by sending a specially formed request to an ISA Server computer that is publishing a DNS server, which could then result in a denial of service to the published DNS server. DNS requests arriving at the ISA Server would be stopped at the firewall, and not passed through to the internal DNS server. All other ISA Server functionality would be unaffected.
Mitigating factors:
- By default, no DNS servers are published. DNS server publishing must be manually enabled.
- The vulnerability would not enable an attacker to gain any privileges on an affected ISA Server or the published DNS server or to compromise any cached content on the server. It is strictly a denial of service vulnerability.
Vulnerability identifier: CAN-2003-0011
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor