[NT] Microsoft ISA Server 2000 DoS

From: SecuriTeam (support_at_securiteam.com)
Date: 06/02/05

  • Next message: SecuriTeam: "[TOOL] DISE - Distributed Idle Scanning Engine"
    To: list@securiteam.com
    Date: 2 Jun 2005 15:49:46 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Microsoft ISA Server 2000 DoS
    ------------------------------------------------------------------------

    SUMMARY

    " <http://www.microsoft.com/isaserver/default.mspx> Microsoft Internet
    Security and Acceleration (ISA) Server is the advanced stateful packet and
    application-layer inspection firewall, virtual private network (VPN), and
    Web cache solution that enables enterprise customers to easily maximize
    existing information technology (IT) investments by improving network
    security and performance."

    Microsoft Internet Security and Acceleration Server's Firewall crashes
    when heavy network traffic is received from a SecureNAT client.

    DETAILS

    Vulnerable Systems:
     * SA Server 2000 and ISA Server 2000 Service Pack 2 (SP2) Wspsrv.exe
    version 3.0.1200.411 and prior

    Workaround:
    Limit the size of traffic being handled by the ISA server for each
    SecureNAT client contacting it.

    Disclosure Timeline:
    01-06-2005 - Vulnerability researched
    02-06-2005 - Security companies and several CERT units contacted, advisory
    published, link to advisory sent to security companies and several CERT
    units

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:juha-matti.laurio@netti.fi>
    Juha-Matti Laurio .
    The original article can be found at:
    <http://www.networksecurity.fi/advisories/windows-isa-firewall.html>
    http://www.networksecurity.fi/advisories/windows-isa-firewall.html
    The vendor advisory can be found at :
    <http://support.microsoft.com/kb/894864/EN-US/>
    http://support.microsoft.com/kb/894864/EN-US/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[TOOL] DISE - Distributed Idle Scanning Engine"

    Relevant Pages

    • [NT] CitectSCADA ODBC Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... are distributed in over 80 countries through a network of more than 500 ... A vulnerability was found in CitectSCADA that could allow a remote ...
      (Securiteam)
    • [NEWS] Wonderware SuiteLink Denial of Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Vendor Information, Solutions and Workarounds ... Core sends the advisory draft to Wonderware support team. ...
      (Securiteam)
    • [Full-disclosure] CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Derefe
      ... Core Security Technologies - CoreLabs Advisory ... Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server ... Herederos de Don Pablo" of Core Security Technologies. ...
      (Full-Disclosure)
    • CORE-2009-0820 - Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server
      ... Core Security Technologies - CoreLabs Advisory ... Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server ... Herederos de Don Pablo" of Core Security Technologies. ...
      (Bugtraq)
    • Re: [Full-disclosure] Full-Disclosure Digest, Vol 79, Issue 21
      ... See MS advisory for full list of affected products. ... Seeker Research Center Security Advisory ... This vulnerability was discovered by Seeker? ... The request also contains other parameters required by the page, the vulnerable parameter being the parameter noted above. ...
      (Full-Disclosure)