Published: 16 April 2001
-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

              ESB-2001.154 -- Microsoft Security Bulletin MS01-021
    Invalid Web Request Can Cause Access Violation in ISA Server Web Proxy Service
                              17 April 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                ISA Server Web Proxy service
Vendor:                 Microsoft
Impact:                 Denial of Service
Access Required:        Remote

--------------------------BEGIN INCLUDED TEXT--------------------

-----BEGIN PGP SIGNED MESSAGE-----

----------------------------------------------------------------------
Title:      Invalid Web Request Can Cause Access Violation in ISA Server
            Web Proxy Service
Date:       16 April 2001
Software:   ISA Server 2000
Impact:     Denial of service
Bulletin:   MS01-021

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-021.asp.
----------------------------------------------------------------------

Issue:
======
The ISA Server Web Proxy service does not correctly handle web requests
that contain a particular type of malformed argument. Processing such a
request would result in an access violation, which would cause the Web
Proxy service to fail. This would disrupt all ingoing and outgoing web
proxy requests until the service was restarted.

Mitigating Factors:
====================
 - The vulnerability could be exploited from the Internet only if the
   Web Publishing feature were enabled. By default, this feature is
   disabled.
 - The vulnerability would not enable an attacker to breach the security
   of the firewall - that is, it would not enable the attacker to access
   protected resources or bypass the firewall. It would only enable the
   attacker to deny legitimate service to other users.
 - The vulnerability would only allow the Web Proxy service to be
   disrupted. Other ISA services would continue functioning normally.

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read Security
   Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-021.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - Dr. Richard Reiner, Graham Wiseman, Matthew Siemens, and Kent Nicolson
   of FSC Internet Corp. / SecureXpert Labs
   (http://www.fscinternet.com / http://www.securexpert.com)

---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT
CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER
INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT
APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----

--------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to use any or all of this
information is the responsibility of each user or organisation, and
should be done so in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

-----END PGP SIGNATURE-----