Two Problems in ISA Server 2000?
Reported June 14, 2005 by Microsoft
VERSIONS AFFECTED
Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 including
DESCRIPTION
Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 (SP2) contains two vulnerabilities. ISA Server doesn't properly process malformed HTTP requests, which could allow an intruder to poison the cache, bypass content restrictions, access unauthorized content, or redirect other ISA Server users to various content.
Also, the process used by ISA Server to validate NetBIOS contains a vulnerability that could allow an intruder to gain access with elevated privileges and to connect to services using the NetBIOS protocol.
VENDOR RESPONSE
Microsoft released a security bulletin, Cumulative Security Update for ISA Server 2000 (899753), and an associated patch to correct these problems.
CREDITS
Steve Orrin of Watchfire reported the HTTP request processing vulnerability
Han Valk reported the NetBIOS vulnerability