lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200605041622.32631.beSIRT@beyondsecurity.com>
Date: Thu May  4 15:10:01 2006
From: beSIRT at beyondsecurity.com (beSIRT)
Subject: ISA Server 2004 Log Manipulation

Discovered by: Noam Rathaus using the beSTORM fuzzer.
Reported to vendor: December, 2005.
Vendor response: Microsoft does not consider this issue to be a security 
vulnerability.

Public release date: 4th of May, 2006.
Advisory URL: 
http://www.beyondsecurity.com/besirt/advisories/042006-001-ISA-LM.txt

Introduction
------------
There is a Log Manipulation vulnerability in Microsoft ISA Server 2004, which 
when exploited will enable a malicious user to manipulate the Destination 
Host parameter of the log file.

Technical Details
-----------------
By sending the following request to the server:
GET / HTTP/1.0
Host: %01%02%03%04
Transfer-Encoding: whatever

We were able to insert arbitrary characters, in this case the ASCII characters
1, 2, 3 (respectively) into the Destination Host parameter of the log file.

This has been found after 3 days of running the beSTORM fuzzer at 600+ 
Sessions per Second while monitoring the ISA Server log file for problems.

About ISA Server 2004
---------------------
"Microsoft Internet Security and Acceleration (ISA) Server 2004 is the 
advanced stateful packet and application-layer inspection firewall, virtual 
private network (VPN), and Web cache solution that enables enterprise 
customers to easily maximize existing information technology (IT) investments 
by improving network security and performance."

Product URL: http://www.microsoft.com/isaserver/default.mspx

--
beSIRT - Beyond Security's Incident Response Team
beSIRT@...ondsecurity.com.

www.BeyondSecurity.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ