Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» NewBlueFx TotalFX Windows-FL | 1.11 GB
Tue Dec 17, 2013 12:42 pm by titquarra

» NewBlueFx TotalFX Windows-FL | 1.11 GB
Tue Dec 17, 2013 12:42 pm by titquarra

» Celebrity.Sex.Tape.UNCUT.&.UNRATED.2012.720p.BRrip.x264.YIFY.mp4
Tue Dec 17, 2013 8:32 am by titquarra

» Maya Autodesk Personal Learning Edition 8.5
Tue Dec 17, 2013 7:47 am by titquarra

» Tuyệt Kỹ Đong Giai Chân Kinh (tuyệt Kỹ cua trai)
Thu Aug 23, 2012 5:38 am by Admin

» Tuyệt kỹ cua giai
Thu Aug 23, 2012 5:36 am by Admin

» NETCAT.........
Mon Aug 13, 2012 6:35 am by Admin

» Bảo mật CSDL bằng phương pháp mã hóa.
Tue Apr 17, 2012 10:04 pm by Admin

» Hàm mã hóa MD5 bằng JavaScript
Tue Apr 17, 2012 10:03 pm by Admin

Shopmotion


Affiliates
free forum


Từ chối dịch vụ (DoS) trong Microsoft ProxyServer, and Internet Security and Acceleration

View previous topic View next topic Go down

Từ chối dịch vụ (DoS) trong Microsoft ProxyServer, and Internet Security and Acceleration

Post  Admin on Wed Mar 28, 2012 11:36 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 04.09.03:
http://www.idefense.com/advisory/04.09.03.txt
Denial of Service in Microsoft Proxy Server 2.0 and Internet Security
and
Acceleration Server 2000
April 9, 2003

I. BACKGROUND

Microsoft Corp.'s Internet Security and Acceleration Server (ISA)
Server
integrates an extensible, multi-layer enterprise firewall and a
scalable
high-performance web cache. It builds on Microsoft Windows 2000
security
and directory for policy-based security, acceleration and management of
internetworking. More information is available at
http://www.microsoft.com/isaserver/ . MS Proxy 2.0 is the predecessor
to
ISA Server, more information is available at
http://www.microsoft.com/isaserver/evaluation/previousversions/default.asp
.

II. DESCRIPTION

A vulnerability exists in ISA Server and MS Proxy 2.0 that allows
attackers to cause a denial-of-service condition by spoofing a
specially
crafted packet to the target system. Another impact of this
vulnerability
is the capability of a remote attacker to generate an infinite packet
storm between two unpatched systems implementing ISA Server or MS Proxy
2.0 over the Internet.

Both ISA Server and MS Proxy 2.0, by default, install a WinSock Proxy
(WSP) service wspsrv.exe, designed for testing and diagnostic purposes.
The WSP service creates a User Datagram Protocol socket bound to port
1745. A specially crafted packet can cause WSP to generate a continuous
flood of requests and reply requirements.

III. ANALYSIS

In the case of the attack scenario for an internal LAN attacker causing
a
denial of service, this malformed packet must meet the following
criteria:

* The source and destination IP are the same as the ISA Server.
* The source and destination port is 1745.
* The data field is specially crafted and resembles the request
format.

An attacker with access to the LAN can anonymously generate a specially
crafted UDP packet that will cause the target ISA Server to fall into a
continuous loop of processing request and reply packets. This will
cause
the ISA Server to consume 100 percent of the underlying system's CPU
usage. It will continue to do so until the system reboots or the
WinSock
Proxy (WSP) service restarts.

In the case of the attack scenario of a remote attacker causing a
packet
storm between two systems running ISA Server or MS Proxy 2.0, the
malformed packet must meet the following criteria:

* The source IP is one of the targets
* The destination IP is the other target
* The source and destination port is 1745.
* The data field is specially crafted and resembles the request
format.

IV. DETECTION

iDEFENSE has verified that Microsoft ISA Server 2000 and MS Proxy 2.0
are
both vulnerable to the same malformed packet characteristics described
above.

Wspsrv.exe is enabled by default in Proxy Server 2.0. The Microsoft
Firewall server is enabled by default in ISA Server firewall mode and
ISA
Server integrated mode installations. It is disabled in ISA Server
cache
mode installations.

V. WORKAROUND

To prevent the second attack scenario, apply ingress filtering on the
Internet router on UDP port 1745 to prevent a malformed packet from
reaching the ISA Server and causing a packet storm.

VI. RECOVERY

Restart either the WinSock Proxy Service or the affected system to
resume
normal operation.

VII. VENDOR FIX/RESPONSE

Microsoft has provided fixes for Proxy Server 2.0 and ISA Server at
http://www.microsoft.com/technet/security/bulletin/MS03-012.asp .

VIII. CVE INFORMATION

The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
has
assigned the identification number CAN-2003-0110 to this issue.

IX. DISCLOSURE TIMELINE

01/23/2003 Issue disclosed to iDEFENSE
02/24/2003 security@microsoft.com contacted
02/24/2003 Response from Iain Mulholland, MSRC
02/25/2003 iDEFENSE clients notified
03/03/2003 Status request from iDEFENSE
03/11/2003 Status request from iDEFENSE
03/11/2003 Response from Iain Mulholland, MSRC
03/13/2003 Status request from iDEFENSE
03/18/2003 Status request from iDEFENSE
03/18/2003 Response from Iain Mulholland, MSRC
03/24/2003 Status request from iDEFENSE
03/25/2003 Response from Iain Mulholland, MSRC
04/09/2003 Public Disclosure



Get paid for security research
http://www.idefense.com/contributor.html

Subscribe to iDEFENSE Advisories:
send email to listserv@idefense.com, subject line: "subscribe"


About iDEFENSE:

iDEFENSE is a global security intelligence company that proactively
monitors sources throughout the world — from technical
vulnerabilities and hacker profiling to the global spread of viruses
and other malicious code. Our security intelligence services provide
decision-makers, frontline security professionals and network
administrators with timely access to actionable intelligence
and decision support on cyber-related threats. For more information,
visit http://www.idefense.com/ .


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPpR3/frkky7kqW5PEQKypwCdGfcO0FcsIAohajEwZMfnZrmGYh4AoMc5
S+jzjh3evev/30oPRtg/1W75
=N1F/
-----END PGP SIGNATURE-----


Admin
Admin

Tổng số bài gửi : 782
Join date : 2009-08-15

View user profile http://hackis.forumotion.com

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum