Từ chối dịch vụ (DoS) trong Microsoft ProxyServer, and Internet Security and Acceleration S:
trang này đã được đọc lần
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDEFENSE Security Advisory 04.09.03:
/>Denial of Service in Microsoft Proxy Server 2.0 and Internet Security
and
Acceleration Server 2000
April 9, 2003
I. BACKGROUND
Microsoft Corp.'s Internet Security and Acceleration Server (ISA)
Server
integrates an extensible, multi-layer enterprise firewall and a
scalable
high-performance web cache. It builds on Microsoft Windows 2000
security
and directory for policy-based security, acceleration and management of
internetworking. More information is available at
. MS Proxy 2.0 is the predecessor
to
ISA Server, more information is available at
/>.
II. DESCRIPTION
A vulnerability exists in ISA Server and MS Proxy 2.0 that allows
attackers to cause a denial-of-service condition by spoofing a
specially
crafted packet to the target system. Another impact of this
vulnerability
is the capability of a remote attacker to generate an infinite packet
storm between two unpatched systems implementing ISA Server or MS Proxy
2.0 over the Internet.

format.
IV. DETECTION
iDEFENSE has verified that Microsoft ISA Server 2000 and MS Proxy 2.0
are
both vulnerable to the same malformed packet characteristics described
above.
Wspsrv.exe is enabled by default in Proxy Server 2.0. The Microsoft
Firewall server is enabled by default in ISA Server firewall mode and
ISA
Server integrated mode installations. It is disabled in ISA Server
cache
mode installations.
V. WORKAROUND
To prevent the second attack scenario, apply ingress filtering on the
Internet router on UDP port 1745 to prevent a malformed packet from
reaching the ISA Server and causing a packet storm.
VI. RECOVERY
Restart either the WinSock Proxy Service or the affected system to
resume
normal operation.
VII. VENDOR FIX/RESPONSE
Microsoft has provided fixes for Proxy Server 2.0 and ISA Server at
.
VIII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
has
assigned the identification number CAN-2003-0110 to this issue.
IX. DISCLOSURE TIMELINE
01/23/2003 Issue disclosed to iDEFENSE
02/24/2003 contacted