Hi Jim,

EXACTLY. There's got to be a way to certify the apps running on The Firewall. I'm definitely in your camp on this one.

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, June 20, 2003 9:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: FW: SurfControl Web Filter for Microsoft ISA Server Vulnerability

http://www.ISAserver.org

Isn't that just freakin' peachy...?
Here's exactly what I need to get the "ISA-Logo-certified" program pushed through...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 19, 2003 21:31
Subject: [isalist] FW: SurfControl Web Filter for Microsoft ISA Server Vulnerability

http://www.ISAserver.org

-----Original Message-----
From: thomas adams [mailto:tgadams@xxxxxxxxxxxxx]
Sent: Thursday, June 19, 2003 16:12
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SurfControl Web Filter for Microsoft ISA Server Vulnerability

SurfControl Web Filter for Microsoft ISA Server Vulnerability

Package: SurfControl Web Filter for Microsoft ISA
Vendor Web Site: http://www.surfcontrol.com
Version: 4.2.0.21
Platforms: Windows 2000 Server
Local: No
Remote: Yes
Fix Available: No (recommended steps listed below)
Vendor Contacted: Sunday, June 08, 2003
Advisory Author: Thomas Adams (tgadams@xxxxxxxxxxxxx)

Background:
SurfControl Web Filter is a URL filtering system, designed to be easily deployed onto most networks. SurfControl for Microsoft ISA is a plugin that allows the Microsoft ISA server to have more control over internet usage.
The plugin still allows most of the same benefits as the stand-alone product, including: customizable reporting, an easy admin interface, and the remote interface for report retrieval.

Exploit:
An attacker is able to view/download any file from the server using a directory traversal attack:

http://isa-surfserver:8888/.../.../.../.../winnt/

Vendor Response:
The SurfControl team was notified concerning the above vulnerability. SurfControl had previous knowledge that this existed on the stand-alone SurfControl platforms, but did not know it existed on the plugin for Microsoft ISA. They recommended disabling the report server and said it is turned on by default for "convenience to users." Convenience before security from a leader in filter products?

To disable the report server, go to Admin Tools > Services and stop SurfControl Web Filter Report Server.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
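The advisory quoted above shows a request of the form http://isa-surfserver:8888/.../.../.../.../winnt/ reaching the Windows system directory through the report server on port 8888. The thread does not say why the three-dot form was accepted, so the example below does not try to reproduce that; it shows the two checks a practitioner would want instead: a request-level heuristic that flags any dots-only path component (so both the ".." and the "..." form are caught, with or without percent-encoding or backslashes), and a server-side resolution that refuses to map a request outside the document root. This is an added example, not code from the advisory author, SurfControl or ISA Server; the document root and the request lines are constructed for illustration.

```python
"""Traversal checks for a report server's URL path (added example).

Two layers are shown:
  * is_traversal_attempt(): a cheap detection heuristic usable at a proxy
    or over access logs; it flags any path component made only of dots.
  * resolve_under_root(): the containment check the server itself should
    do before opening a file, refusing anything that would leave the root.
"""
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed document root for the example; not SurfControl's real layout.
DOC_ROOT = "/srv/surfcontrol/reports"

# Constructed sample request lines, not captured traffic. The third one is
# the form shown in the advisory; the others are common variants.
SAMPLE_REQUESTS = [
    "GET /reports/daily.html HTTP/1.0",
    "GET /../winnt/win.ini HTTP/1.0",
    "GET /.../.../.../.../winnt/ HTTP/1.0",
    "GET /reports/%2e%2e/%2e%2e/winnt/repair/sam HTTP/1.0",
    "GET /reports/..%5c..%5cwinnt/ HTTP/1.0",
    "GET /reports/2003..06..19.txt HTTP/1.0",
]


def path_components(raw_path: str) -> list:
    """Take the path part of a URL or request target, percent-decode it,
    treat backslashes like slashes (the target host is Windows) and split
    it into non-empty components."""
    path = unquote(urlsplit(raw_path).path).replace("\\", "/")
    return [c for c in path.split("/") if c]


def is_dots_only(component: str) -> bool:
    """True for '..', '...', '....' and so on. No legitimate report name
    consists solely of dots, so this costs no false positives, while names
    that merely contain dots ('2003..06..19.txt') are left alone."""
    return len(component) >= 2 and set(component) == {"."}


def is_traversal_attempt(raw_path: str) -> bool:
    """Request-level heuristic: any dots-only component is a traversal
    attempt, whatever the target's canonicalisation rules happen to be."""
    return any(is_dots_only(c) for c in path_components(raw_path))


def resolve_under_root(raw_path: str, root: str = DOC_ROOT):
    """Map a request onto the document root and return the resolved path,
    or None if the request must be refused. Dots-only components and NUL
    bytes are rejected outright rather than interpreted; the final prefix
    check is defence in depth in case the normaliser ever differs from the
    filesystem. Pure POSIX path logic is used so this runs anywhere."""
    comps = path_components(raw_path)
    if any(is_dots_only(c) or "\x00" in c for c in comps):
        return None
    resolved = posixpath.normpath(posixpath.join(root, *comps))
    if resolved != root and not resolved.startswith(root + "/"):
        return None
    return resolved


def scan_requests(lines) -> list:
    """Return the request targets from 'METHOD target VERSION' lines that
    the heuristic flags; malformed lines are skipped."""
    flagged = []
    for line in lines:
        try:
            _method, target, _version = line.split(" ", 2)
        except ValueError:
            continue
        if is_traversal_attempt(target):
            flagged.append(target)
    return flagged


if __name__ == "__main__":
    for target in scan_requests(SAMPLE_REQUESTS):
        print("flagged:", target, "->", resolve_under_root(target))
    print("served :", resolve_under_root("/reports/daily.html"))
```

The heuristic deliberately does not try to decide how the target would interpret "..."; it treats any dots-only component as hostile, which is the safe side of the question the advisory leaves open. The resolution function does the same, then still checks the normalised result against the root, so a future change to the normaliser cannot silently reopen the hole.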