[ISN] Simple attack hurts Microsoft server product

From: InfoSec News (isnat_private)
Date: Tue Apr 17 2001 - 22:29:57 PDT


    http://news.cnet.com/news/0-1003-200-5643775.html?tag=mn_hd
    
    By Stephen Shankland
    Staff Writer, CNET News.com
    April 17, 2001, 3:30 p.m. PT
    
    A Microsoft Windows 2000 server software package can be crashed by
    sending it a comparatively simple request for a Web page, a security
    firm has discovered.
    
    SecureXpert Labs reported the vulnerability in Microsoft's Internet
    Security and Accelerator (ISA) software, which is used to protect
    internal networks from outside attackers and to bridge internal
    networks with the public Internet.
    
    Microsoft acknowledged the problem Monday and issued a patch.
    
    An attacker can take advantage of the vulnerability by sending the
    server a request to view a Web page with an unusually large
    address--for example, one with the letter A repeated 3,000 times,
    SecureXpert Labs said. Sending such a request will prevent the ISA
    software from letting computers inside its network view outside Web
    pages or letting outside computers view inside pages.
    
    While the vulnerability wouldn't permit an attacker to take over a
    company's server, it could be used to make a Web page inaccessible to
    the public, Microsoft said.
    
    In the array of possible methods to attack a server, this type is very
    simple and easily launched.
    
    Though analysts agree the newer Windows 2000 operating system is more
    secure than its predecessors, Microsoft still faces a host of security
    problems. For example, future versions of its Outlook e-mail software
    will ban many file types in an effort to prevent the spread of viruses
    that can reproduce quickly because of tight integration between
    different Microsoft products.
    
    The ISA software must be restarted to restore the service, but the
    server doesn't need to be rebooted, Microsoft said.
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
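    Added example, not part of the CNET article, the ISN post, or any Microsoft
    code: the article only says that a request whose URL is the letter A
    repeated 3,000 times stalls the ISA proxy. The block below constructs
    that probe as raw HTTP bytes (so it can be compared against what a
    proxy log shows) and pairs it with the guard a proxy or front end
    should apply before doing anything else with a request: bound the scan
    for the end of the request line, then reject an oversized request
    target with 414. The limits, function names and reason strings are
    assumptions for illustration; the 3,000-byte figure is the article's.

```python
"""
Oversized-URL probe plus an early request-line length guard.

Added illustration; not code from the article, SecureXpert Labs, or
Microsoft. Limits below are assumptions chosen for the example.
"""
from typing import Tuple

# The article's example: the letter "A" repeated 3,000 times in the URL.
PROBE_PATH_LENGTH = 3000

# Assumed limits for the guard. RFC 7230 asks servers to accept request
# lines of at least 8,000 octets; the URI cap is a site-specific choice.
MAX_REQUEST_LINE = 8192
MAX_REQUEST_URI = 2048


def build_probe(host: str = "proxy.example",
                length: int = PROBE_PATH_LENGTH) -> bytes:
    """Return the raw bytes of the oversized-URL GET the article describes.

    Constructed sample input: hostname and framing are assumptions.
    """
    path = "/" + "A" * length
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def check_request_line(raw: bytes) -> Tuple[int, str]:
    """Decide from the request line alone whether to reject the request.

    Returns (status, reason). Status 0 means the request line is within
    bounds and normal parsing may continue. Only the first
    MAX_REQUEST_LINE + 2 bytes are ever inspected, so a request with no
    line terminator cannot make the guard scan unbounded input.
    """
    head = raw[: MAX_REQUEST_LINE + 2]
    end = head.find(b"\r\n")
    if end < 0:
        # No terminator inside the window: either the line is too long
        # (reject as 414, per RFC 7230 3.1.1) or the read is incomplete.
        if len(raw) > MAX_REQUEST_LINE:
            return 414, "Request-URI too long"
        return 400, "Incomplete request line"

    parts = head[:end].split(b" ")
    if len(parts) != 3:
        return 400, "Malformed request line"
    method, target, version = parts
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return 505, "HTTP version not supported"
    if not method.isalpha():
        return 400, "Malformed request line"
    if len(target) > MAX_REQUEST_URI:
        return 414, "Request-URI too long"
    return 0, "ok"


if __name__ == "__main__":
    probe = build_probe()
    print(f"probe is {len(probe)} bytes; guard says {check_request_line(probe)}")
    normal = b"GET /index.html HTTP/1.1\r\nHost: proxy.example\r\n\r\n"
    print(f"normal request: {check_request_line(normal)}")
```

    The point of the guard is ordering: the length check runs on the
    request line before any URL parsing, header handling or upstream
    connection, so an attacker who can only send long strings never
    reaches the code path that the article says the ISA proxy tripped on.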
    