Re: FW: SurfControl Web Filter for Microsoft ISA Server Vulnerability

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 20 Jun 2003 12:53:54 -0500

Hi Jim,

EXACTLY. There's got to be a way to certify the apps running on The
Firewall.  I'm definitely in your camp on this one.

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, June 20, 2003 9:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FW: SurfControl Web Filter for Microsoft ISA
Server Vulnerability


http://www.ISAserver.org


Isn't that just freakin' peachy...?
Here's exactly what I need to get the "ISA-Logo-certified" program
pushed through...

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 19, 2003 21:31
Subject: [isalist] FW: SurfControl Web Filter for Microsoft ISA Server
Vulnerability


http://www.ISAserver.org




-----Original Message-----
From: thomas adams [mailto:tgadams@xxxxxxxxxxxxx]
Sent: Thursday, June 19, 2003 16:12
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SurfControl Web Filter for Microsoft ISA Server Vulnerability

SurfControl Web Filter for Microsoft ISA Server Vulnerability

Package: SurfControl Web Filter for Microsoft ISA
Vendor Web Site: http://www.surfcontrol.com
Version: 4.2.0.21
Platforms: Windows 2000 Server
Local: No
Remote: Yes
Fix Available: No (recommended steps listed below)
Vendor Contacted: Sunday, June 08, 2003
Advisory Author: Thomas Adams (tgadams@xxxxxxxxxxxxx)

Background:
SurfControl Web Filter is a URL filtering system, designed to be easily
deployed onto most networks. SurfControl for Microsoft ISA is a plugin
that allows the Microsoft ISA server to have more control over
internet usage. The plugin still allows most of the same benefits from
the stand-alone product including: customizable reporting, easy admin
interface, and the remote interface for report retrieval.

Exploit:
An attacker is able to view/download any file from the server using a
directory traversal attack:

http://isa-surfserver:8888/.../.../.../.../winnt/

Vendor Response:
The SurfControl team was notified concerning the above vulnerability.
SurfControl had previous knowledge that this existed on the stand-alone
SurfControl platforms, but did not know it existed on the plugin for
Microsoft ISA. They recommended disabling the reports server and said it
is turned on by default for "convenience to users."  Convenience before
security from a leader in filter products?

To disable the report server, go to Admin Tools> Services> and stop
SurfControl Web Filter Report Server.



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


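As an added defender-side example (not part of this thread or the advisory), the Python below scans a constructed access-log sample for request paths containing traversal segments, including the `...` form the advisory shows the report server accepting; the simplified log format, the host name and the port 8888 watch value are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample log (not real server output): a simplified
# "client host:port method path status" line per request, where the
# host:port is the report server named in the advisory (TCP 8888 assumed).
SAMPLE_LOG = """\
10.0.0.5 isa-surfserver:8888 GET /reports/index.html 200
10.0.0.9 isa-surfserver:8888 GET /.../.../.../.../winnt/ 200
10.0.0.9 isa-surfserver:8888 GET /%2e%2e%2e/%2e%2e%2e/winnt/win.ini 200
10.0.0.7 isa-surfserver:8888 GET /reports/..%5c..%5cboot.ini 404
10.0.0.5 isa-surfserver:8080 GET /images/a.b.c.gif 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) (\S+) (\S+) (\d{3})$")

# A path segment consisting only of two or more dots is a traversal token:
# ".." is the normal parent reference, "..." is the variant in the advisory.
DOT_SEGMENT = re.compile(r"^\.{2,}$")


def decode_path(path: str) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded dots and
    encoded backslashes are normalised before inspection."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # The target is a Windows host, so treat backslash as a separator too.
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if any normalised path segment is a dot-only traversal token."""
    return any(DOT_SEGMENT.match(seg) for seg in decode_path(path).split("/"))


def find_traversal_requests(log_text: str, watch_port: int = 8888) -> list:
    """Return one record per traversal-looking request. 'served' marks the
    high-signal case: a 200 on the watched report-server port, meaning the
    server handed back content instead of rejecting the path."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, _host, port, _method, path, status = m.groups()
        if is_traversal(path):
            served = int(port) == watch_port and status == "200"
            hits.append({"client": client, "port": int(port),
                         "path": path, "status": int(status), "served": served})
    return hits
```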