[THIN] ALERT: ISA Server Vulnerability

  • From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx, windows2000@xxxxxxxxxxxxx
  • Date: Fri, 16 Jan 2004 11:00:02 -0500

Trend has given this a HIGH risk rating!

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ISA_SERVER_H
.323_VULNERABILITY

Microsoft ISA Server 2000 has a special service, the Microsoft Firewall
Service, which it uses to allow Internet applications to perform as if they
are connected to the Internet. The Firewall Service eliminates the need for
a specific gateway for different protocol, including SMTP, Telnet, FTP, and
H.323.
The Firewall Service uses the H.323 filter for Microsoft ISA Server 2000 to
manage traffic using H.323 and T.120 protocols. These protocols are used in
IP telephony applications for audio, video, file, or remote data transfers.
The Firewall Service contains this buffer overflow vulnerability, which is
due to the fact that it does not perform bounds checking on H.323 packets.
An attacker can exploit this vulnerability to run malicious codes and gain
complete control over affected systems.
The following software are affected by this vulnerability:
*       Microsoft ISA Server 2000
*       Microsoft Business Server 2000 (includes ISA server 2000)
*       Microsoft Business Server 2003 (includes ISA server 2000)
Microsoft has more information on this vulnerability in Security Bulletin
MS04-001 entitled Vulnerability in Microsoft Internet Security and
Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security
/bulletin/MS04-001.asp>.


Regards,
Jim Kenzig

********************************************************
This Week's Sponsor - RTO Software / TScale
What's keeping you from getting more from your terminal servers? Did you
know, in most cases, CPU Utilization IS NOT the single biggest constraint to
scaling up?! Get this free white paper to understand the real constraints &
how to overcome them. SAVE MONEY by scaling-up rather than buying more
servers. http://www.rtosoft.com/Enter.asp?ID=147
*********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

  • » [THIN] ALERT: ISA Server Vulnerability
  1. Home
  2. thin
  3. Archive
  4. 01-2004