Re: Fw: Microsoft Security Bulletin MS02-027
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 12 Jun 2002 13:23:21 -0700
The "hackers" found the vulnerability; MS is informing you of it so you can
take appropriate steps to protect yourself.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "UESSE S.r.l." <uesse@xxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, June 12, 2002 8:27 AM
Subject: [isalist] Re: Fw: Microsoft Security Bulletin MS02-027
http://www.ISAserver.org
Why that bulletin for ?
To inform hackers about the vulnerability, so they
can provide a nice attack until the patch will be available ? ;-)
----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, June 12, 2002 2:18 AM
Subject: [isalist] Fw: Microsoft Security Bulletin MS02-027
> http://www.ISAserver.org
>
>
> Pay close attention to this one, folks!
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/authors/harrison/
> Read the books!
> ----- Original Message -----
> From: "Jerry Bryant [MS]" <jbryant@xxxxxxxxxxxxxxxxxxxx>
> Newsgroups:
>
microsoft.public.security,microsoft.public.isa,microsoft.public.isaserver,mi
>
crosoft.public.windows.inetexplorer.ie55.browser,microsoft.public.windows.in
> etexplorer.ie6.browser
> Sent: Tuesday, June 11, 2002 4:40 PM
> Subject: Microsoft Security Bulletin MS02-027
>
>
> Title: Unchecked Buffer in Gopher Protocol Handler Can Run Code
> of Attacker's Choice (Q323889)
> Date: 11 June 2002
> Software: Internet Explorer, Proxy Server, Internet Security and
> Acceleration Server
> Impact: Run Code of Attacker's Choice
> Max Risk: Critical
> Bulletin: MS02-027
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-027.asp.
> - ----------------------------------------------------------------------
>
> Issue:
> ======
> This is a work-around bulletin that details steps customers can take to
> protect themselves against a publicly disclosed vulnerability until
patches
> are available.
>
> The Gopher protocol is a legacy protocol that provides for the transfer of
> text-based information across the Internet. Information on Gopher servers
is
> hierarchically presented using a menu system, and multiple Gopher servers
> can be linked together to form a collective "Gopherspace".
>
> There is an unchecked buffer in a piece of code which handles the response
> from Gopher servers. This code is used independently in IE, ISA, and Proxy
> Server. A security vulnerability results because it is possible for an
> attacker to attempt to exploit this flaw by mounting a buffer overrun
attack
> through a specially crafted server response. The attacker could seek to
> exploit the vulnerability by crafting a web page that contacted a server
> under the attacker's control. The attacker could then either post this
page
> on a web site or send it as an HTML email. When the page was displayed and
> the server's response received and processed, the attack would be carried
> out.
>
> A successful attack requires that the attacker be able to send information
> to the intended target using the Gopher protocol. Anything which inhibited
> Gopher connectivity could protect against attempts to exploit this
> vulnerability. In the case of IE, the code would be run in the user's
> context. As a result, any limitations on the user would apply to the
> attacker's code as well.
>
>
> Mitigating Factors:
> ====================
> - A successful attack requires that the attacker's server be
> able to deliver information to the target using the Gopher
> protocol. Customers who block Gopher at the perimeter would be
> protected against attempts to exploit this vulnerability across
> the Internet.
>
> - In the case of IE, code would run in the security context of
> the user. As a result, any limitations on the user's ability
> would also restrict the actions an attacker's code could take.
>
> - A successful attack against ISA and Proxy servers would
> require that the malicious response be received by the web
> proxy service. In practical terms, this means that a proxy
> client would have to submit the initial request through the
> proxy server.
>
> Risk Rating:
> ============
> - Internet systems: Critical
> - Intranet systems: Critical
> - Client systems: Critical
>
> Patch Availability:
> ===================
> - A patch is currently under development to fix this
> vulnerability. Please read the Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms02-027.asp
> for workaround information while patches are developed.
>
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
> EVENT
> SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
> BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
> SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES
> DO
> NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR
> INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
uesse@xxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
