Alert: Microsoft Security Bulletin - MS03-012
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 04/09/03
Date: Wed, 9 Apr 2003 13:10:33 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS03-012.asp
Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066)
Originally posted: April 9, 2003
Summary
Who should read this bulletin: System administrators running Microsoft® Proxy Server 2.0 or Microsoft Internet Security and Acceleration (ISA) Server 2000.
Impact of vulnerability: Denial of Service.
Maximum Severity Rating: Important
Recommendation: System administrators should install the patch at the earliest available opportunity.
Affected Software:
- Microsoft Proxy Server 2.0
- Microsoft ISA Server
Technical description:
There is a flaw in the Winsock Proxy service in Microsoft Proxy Server 2.0, and the Microsoft Firewall service in ISA Server 2000, that would allow an attacker on the internal network to send a specially crafted packet that would cause the server to stop responding to internal and external requests. Receipt of such a packet would cause CPU utilization on the server to reach 100%, and thus make the server unresponsive.
The Winsock Proxy service and Microsoft Firewall service work with FTP, telnet, mail, news, Internet Relay Chat (IRC), or other client applications that are compatible with Windows Sockets (Winsock). These services allow these applications to perform as if they were directly connected to the Internet. These services redirect the necessary communications functions to a Proxy Server 2.0 or ISA Server computer, thus establishing a communication path from the internal application to the Internet through it.
Mitigating factors:
- The vulnerability would not enable an attacker to gain any privileges on an affected Proxy Server 2.0 or ISA Server computer or compromise any cached content. It is strictly a denial of service.
- ISA Server computers running in cache mode are not affected because the Microsoft Firewall service is disabled by default.
Vulnerability identifier: CAN-2003-0110
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Have you discovered a security vulnerability related to Windows or a
commercial product which runs on Windows?
Need assistance crafting the format or translating your advisory to English?
Need to verify it, or having problems contacting the Vendor?
Contact mailto:Advisories@NTBugtraq.com
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo