| VID |
28039 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Winsock Proxy server and ISA Firewall Server is vulnerable to a Denial of Service attack.
Proxy Server acts as a gateway to the Internet for client computers and ISA Server provides both an enterprise firewall and a high-performance web cache. These servers work with a clients application that are compatible with Windows Sockets(Winsock) such as FTP, telnet, mail, news, Internet Relay Chat(IRC), and etc. The Proxy Server 2.0 and ISA server 2000 have a flaw in the Firewall and Winsock Proxy(WSP) service, which a remote attacker can deny service and cause the server to stop processing traffic. By default, the WSP is enabled in Proxy Server 2.0 and the Firewall service is enabled in ISA Server 2000 in the firewall or intergrated mode installations. When a remote attacker sends a specially crafted packet to port 1745/UDP on the server, it causes the server to enter an endless loop and the CPU utilization on the server to reach 100%, and then the server to stop processing traffic. To return the server to normal operations, the server must be restarted.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://securitytracker.com/alerts/2003/Apr/1006534.html
http://www.microsoft.com/technet/security/bulletin/MS03-012.asp
http://www.idefense.com/advisory/04.09.03.txt
http://www.securiteam.com/windowsntfocus/5MP0B009PE.html
* Platforms Affected:
Microsoft Proxy Server 2.0
Microsoft ISA Server 2000 |
| Recommendation |
Apply the Patch appropriately from the Microsoft's web site.
For the Proxy Server 2.0,
1. Open the page http://microsoft.com/downloads/details.aspx?FamilyId=C81688B7-20FB-45EB-BAFD-031A0D2923E6&displaylang=en
2. Click the "Download" link to download the Security Patch.
3. Run the downloaded file 43512_enu_i386_zip.exe to start the installation.
4. Reboot the system to complete the installation.
For the ISA Server 2000,
1. Open the page http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=en
2. Click the "Download" link to download the Security Patch.
3. Run the isahf257.exe to start the installation. |
| Related URL |
CVE-2003-0110 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
11752 (ISS) |
|
