| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 May 2006 11:22:16 +0300 From: beSIRT <beSIRT@...ondsecurity.com> To: "Steven M. Christey" <coley@...re.org> Cc: bugtraq@...urityfocus.com Subject: Re: ISA Server 2004 Log Manipulation On Friday 05 May 2006 09:16, Steven M. Christey wrote: > >There is a Log Manipulation vulnerability in Microsoft ISA Server > >2004, which when exploited will enable a malicious user to manipulate > >the Destination Host parameter of the log file. > > ... > > >We were able to insert arbitrary characters, in this case the ASCII > >characters 1, 2, 3 (respectively) into the Destination Host parameter > >of the log file. Just to clarify - these are the ASCII *values* 1,2,3 (or: 0x01, 0x02, 0x03). You can potentially insert any ASCII value you want using character encoding. > > I'm curious about why you regard this as security-relevant. I do not > know what you mean by "log manipulation". > You can insert the 'tab' value and possibly break 3rd party log analyzers. Other interesting characters may be the EOF or EOD value, a "<" character for CSS, and whatever else your heart desires. As for the attack vectors, we think there's a lot you can do with being able to inject practically arbitrary characters into a corporate firewall's logs, but it's not our job to judge the severity of the problem, every ISA server user should know if this is relevant for them. > > - Steve -- beSIRT - Beyond Security's Incident Response Team beSIRT@...ondsecurity.com. www.BeyondSecurity.com
Powered by blists - more mailing lists