Re: Fw: Microsoft Security Bulletin MS02-027
- From: "Steve Moffat" <steve@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 12 Jun 2002 16:39:15 +0100
If in fact you actually read the whole bulletin, it tells you how to apply a
workaround until Microsoft release the patch.
Steve
-----Original Message-----
From: UESSE S.r.l. [mailto:uesse@xxxxxx]
Sent: Wed 12/06/2002 12:27 PM
To: [ISAserver.org Discussion List]
Cc:
Subject: [isalist] Re: Fw: Microsoft Security Bulletin MS02-027
http://www.ISAserver.org
Why that bulletin for ?
To inform hackers about the vulnerability, so they
can provide a nice attack until the patch will be available ? ;-)
----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, June 12, 2002 2:18 AM
Subject: [isalist] Fw: Microsoft Security Bulletin MS02-027
> http://www.ISAserver.org
>
>
> Pay close attention to this one, folks!
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/authors/harrison/
> Read the books!
> ----- Original Message -----
> From: "Jerry Bryant [MS]" <jbryant@xxxxxxxxxxxxxxxxxxxx>
> Newsgroups:
>
microsoft.public.security,microsoft.public.isa,microsoft.public.isaserver,mi
>
crosoft.public.windows.inetexplorer.ie55.browser,microsoft.public.windows.in
> etexplorer.ie6.browser
> Sent: Tuesday, June 11, 2002 4:40 PM
> Subject: Microsoft Security Bulletin MS02-027
>
>
> Title: Unchecked Buffer in Gopher Protocol Handler Can Run Code
> of Attacker's Choice (Q323889)
> Date: 11 June 2002
> Software: Internet Explorer, Proxy Server, Internet Security and
> Acceleration Server
> Impact: Run Code of Attacker's Choice
> Max Risk: Critical
> Bulletin: MS02-027
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-027.asp.
> -
----------------------------------------------------------------------
>
> Issue:
> ======
> This is a work-around bulletin that details steps customers can take
to
> protect themselves against a publicly disclosed vulnerability until
patches
> are available.
>
> The Gopher protocol is a legacy protocol that provides for the
transfer of
> text-based information across the Internet. Information on Gopher
servers
is
> hierarchically presented using a menu system, and multiple Gopher
servers
> can be linked together to form a collective "Gopherspace".
>
> There is an unchecked buffer in a piece of code which handles the
response
> from Gopher servers. This code is used independently in IE, ISA, and
Proxy
> Server. A security vulnerability results because it is possible for an
> attacker to attempt to exploit this flaw by mounting a buffer overrun
attack
> through a specially crafted server response. The attacker could seek
to
> exploit the vulnerability by crafting a web page that contacted a
server
> under the attacker's control. The attacker could then either post this
page
> on a web site or send it as an HTML email. When the page was
displayed and
> the server's response received and processed, the attack would be
carried
> out.
>
> A successful attack requires that the attacker be able to send
information
> to the intended target using the Gopher protocol. Anything which
inhibited
> Gopher connectivity could protect against attempts to exploit this
> vulnerability. In the case of IE, the code would be run in the user's
> context. As a result, any limitations on the user would apply to the
> attacker's code as well.
>
>
> Mitigating Factors:
> ====================
> - A successful attack requires that the attacker's server be
> able to deliver information to the target using the Gopher
> protocol. Customers who block Gopher at the perimeter would be
> protected against attempts to exploit this vulnerability across
> the Internet.
>
> - In the case of IE, code would run in the security context of
> the user. As a result, any limitations on the user's ability
> would also restrict the actions an attacker's code could take.
>
> - A successful attack against ISA and Proxy servers would
> require that the malicious response be received by the web
> proxy service. In practical terms, this means that a proxy
> client would have to submit the initial request through the
> proxy server.
>
> Risk Rating:
> ============
> - Internet systems: Critical
> - Intranet systems: Critical
> - Client systems: Critical
>
> Patch Availability:
> ===================
> - A patch is currently under development to fix this
> vulnerability. Please read the Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms02-027.asp
> for workaround information while patches are developed.
>
> -
---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO
> EVENT
> SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
> BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
> SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES
> DO
> NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
> INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
uesse@xxxxxx
> To unsubscribe send a blank email to
leave-isalist-244890H@xxxxxxxxxxxxx
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to leave-isalist-244890H@xxxxxxxxxxxxx
Other related posts:
