Open Source and information security mailing list archives
 
Date: Thu May  4 20:39:30 2006
From: ragdelaed at gmail.com (ragdelaed)
Subject: ISA Server 2004 Log Manipulation

3 days at 600 per second non stop = 86400 sec/day * 600 = 51 840 000 
attempts.

after 51.8 million tries, the product was able to inject the numbers 
1,2,3 into a parameter into a log that many see as non-critical. and it 
looks like you tried 1,2,3,4 but it only did 1,2,3.

c'mon. log manipulation should mean more than that, shouldn't it? hmmmm.

beSIRT wrote:
> Discovered by: Noam Rathaus using the beSTORM fuzzer.
> Reported to vendor: December, 2005.
> Vendor response: Microsoft does not consider this issue to be a security 
> vulnerability.
>
> Public release date: 4th of May, 2006.
> Advisory URL: 
> http://www.beyondsecurity.com/besirt/advisories/042006-001-ISA-LM.txt
>
> Introduction
> ------------
> There is a Log Manipulation vulnerability in Microsoft ISA Server 2004, which 
> when exploited will enable a malicious user to manipulate the Destination 
> Host parameter of the log file.
>
> Technical Details
> -----------------
> By sending the following request to the server:
> GET / HTTP/1.0
> Host: %01%02%03%04
> Transfer-Encoding: whatever
>
> We were able to insert arbitrary characters, in this case the ASCII characters
> 1, 2, 3 (respectively) into the Destination Host parameter of the log file.
>
> This has been found after 3 days of running the beSTORM fuzzer at 600+ 
> Sessions per Second while monitoring the ISA Server log file for problems.
>
> About ISA Server 2004
> ---------------------
> "Microsoft Internet Security and Acceleration (ISA) Server 2004 is the 
> advanced stateful packet and application-layer inspection firewall, virtual 
> private network (VPN), and Web cache solution that enables enterprise 
> customers to easily maximize existing information technology (IT) investments 
> by improving network security and performance."
>
> Product URL: http://www.microsoft.com/isaserver/default.mspx
>
> --
> beSIRT - Beyond Security's Incident Response Team
> beSIRT@...ondsecurity.com.
>
> www.BeyondSecurity.com
>
>   
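
The request quoted in the advisory above, run through a Host-header check and a log-field escaper, as an added example that is not part of the original post or the advisory. It assumes the logging component percent-decodes the Host value before writing it; the function names, the hostname pattern and the second sample request are constructed for illustration.

```python
from __future__ import annotations
import re
from urllib.parse import unquote_to_bytes

# Hostname or IPv4 with optional port, checked after percent-decoding.
# Simplified pattern (assumption): IPv6 literals are not handled.
_HOST_RE = re.compile(rb"[A-Za-z0-9][A-Za-z0-9\-\.]{0,253}(:\d{1,5})?")

# Request as given in the advisory, plus a constructed benign request.
ADVISORY_REQUEST = (b"GET / HTTP/1.0\r\nHost: %01%02%03%04\r\n"
                    b"Transfer-Encoding: whatever\r\n\r\n")
NORMAL_REQUEST = b"GET / HTTP/1.0\r\nHost: www.example.com:8080\r\n\r\n"

def host_header(raw_request: bytes) -> bytes | None:
    """Return the raw Host header value of an HTTP request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip()
    return None

def check_host(raw_host: bytes) -> list[str]:
    """List reasons this Host value should not reach a log field as-is."""
    decoded = unquote_to_bytes(raw_host)
    findings = []
    if decoded != raw_host:
        findings.append("percent-encoding in Host")
    if any(b < 0x20 or b == 0x7F for b in decoded):
        findings.append("control character after decoding")
    if not _HOST_RE.fullmatch(decoded):
        findings.append("not a valid hostname[:port]")
    return findings

def log_safe(raw_host: bytes) -> str:
    """Decode, then render every non-printable byte (and backslash) as \\xNN."""
    return "".join(
        chr(b) if 0x21 <= b <= 0x7E and b != 0x5C else f"\\x{b:02x}"
        for b in unquote_to_bytes(raw_host)
    )

if __name__ == "__main__":
    for req in (ADVISORY_REQUEST, NORMAL_REQUEST):
        host = host_header(req)
        print(log_safe(host), check_host(host))
```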
