[ISN] Microsoft warns of firewall vulnerability

From: InfoSec News (isnat_private)
Date: Sat Mar 22 2003 - 00:53:36 PST

  • Next message: InfoSec News: "[ISN] Feds Alert to Web Security Threat"

    http://www.computerworld.com/securitytopics/security/story/0,10801,79537,00.html
    
    By Paul Roberts
    IDG News Service
    MARCH 20, 2003
    
    Microsoft Corp. warned customers of another security vulnerability
    yesterday, this one affecting its Internet Security and Acceleration
    (ISA) Server 2000 firewall and Web cache product.
    
    A software flaw was found in the ISA Server's Domain Name Service
    (DNS) intrusion-detection application filter that could allow an
    attacker to launch a denial-of-service attack against the ISA Server
    that prevents that device from processing DNS requests.
    
    The ISA Server allows DNS requests to be passed from the Internet to
    an internal DNS server, a process known as DNS publishing. Application
    filters are used to analyze incoming data streams, including DNS
    requests. The filters enable the ISA Server to block, redirect or
    modify data as it passes through the firewall. For example, the
    filters could guard against attacks embedded in URLs, Microsoft said.
    
    Because of the flaw, a specially formed DNS request, encountered under
    what Microsoft termed "a specific circumstance," causes the DNS server
    publishing feature to stop responding. DNS requests received by the
    ISA Server after the denial-of-service attack would be stopped at the
    firewall, Microsoft said. Although other ISA Server functions would be
    unaffected by the failure of the DNS publishing component,
    administrators would need to restart the ISA server to recover from
    the denial-of-service attack, the company said.
    
    Microsoft rated the ISA Server vulnerability "moderate," saying that
    it could be used only in a denial-of-service attack and didn’t offer
    attackers the ability to disable the firewall or gain administrative
    control of the ISA Server.
    
    Microsoft provided a patch for the ISA Server vulnerability, MS03-009.
    
    The warning was the second such notice released yesterday and the
    third this week from the company.
    
    The other two alerts this week, both rated “critical,” concerned
    buffer overflow vulnerabilities in a Windows 2000 component that
    supports the World Wide Web Distributed Authoring and Versioning
    (WebDAV) protocol, and the Windows Script Engine, which is found in
    all of the company's supported Windows operating systems
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Sat Mar 22 2003 - 03:10:23 PST