[isalist] Re: Fwd: [Full-disclosure] ISA Server 2004 Log Manipulation
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Sun, 7 May 2006 05:08:44 -0700
http://www.ISAserver.org
-------------------------------------------------------
None
Zip
Zero
Nada
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Friday, May 05, 2006 15:49
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Fwd: [Full-disclosure] ISA Server 2004 Log Manipulation
http://www.ISAserver.org
-------------------------------------------------------
So??? What exactly is the issue?
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny
> Sent: Friday, May 05, 2006 6:42 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Fwd: [Full-disclosure] ISA Server 2004 Log
> Manipulation
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> FYI... discussion contines in Full-disclosure
>
> ---------- Forwarded message ----------
> From: beSIRT <beSIRT@xxxxxxxxxxxxxxxxxx>
> Date: May 4, 2006 9:22 AM
> Subject: [Full-disclosure] ISA Server 2004 Log Manipulation
> To: full-disclosure@xxxxxxxxxxxxxxxxx
>
>
> Discovered by: Noam Rathaus using the beSTORM fuzzer.
> Reported to vendor: December, 2005.
> Vendor response: Microsoft does not consider this issue to be a
> security vulnerability.
>
> Public release date: 4th of May, 2006.
> Advisory URL:
> http://www.beyondsecurity.com/besirt/advisories/042006-001-ISA-LM.txt
>
> Introduction
> ------------
> There is a Log Manipulation vulnerability in Microsoft ISA Server
> 2004, which when exploited will enable a malicious user to manipulate
> the Destination Host parameter of the log file.
>
> Technical Details
> -----------------
> By sending the following request to the server:
> GET / HTTP/1.0
> Host: %01%02%03%04
> Transfer-Encoding: whatever
>
> We were able to insert arbitrary characters, in this case the ASCII
> characters 1, 2, 3 (respectively) into the Destination Host parameter
> of the log file.
>
> This has been found after 3 days of running the beSTORM fuzzer at 600+
> Sessions per Second while monitoring the ISA Server log file for
> problems.
>
> About ISA Server 2004
> ---------------------
> "Microsoft Internet Security and Acceleration (ISA) Server 2004 is the
> advanced stateful packet and application-layer inspection firewall,
> virtual private network (VPN), and Web cache solution that enables
> enterprise customers to easily maximize existing information
> technology
> (IT) investments
> by improving network security and performance."
>
> Product URL: http://www.microsoft.com/isaserver/default.mspx
>
> --
> beSIRT - Beyond Security's Incident Response Team
> beSIRT@xxxxxxxxxxxxxxxxxxx
>
> www.BeyondSecurity.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> --
> CPDE - Certified Petroleum Distribution Engineer CCBC - Certified
> Canadian Beer Consumer
>
>
> --
> CPDE - Certified Petroleum Distribution Engineer CCBC - Certified
> Canadian Beer Consumer
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
