hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
KarachiKing555
Jan 13 2004, 10:25 PM
First Vul of 2004 and critical ! MS04-001 laugh.gif
CODE
critical security vulnerability exists in the H.323 filter for Microsoft ISA Server 2000 that could allow an attacker to overflow a buffer on the Microsoft Firewall Service in Microsoft ISA Server 2000. The vulnerability results because the H.323 filter for the Microsoft Firewall Service does not perform proper boundary checks on specially formatted H.323 packets. An attacker who successfully exploited this vulnerably could attempt to run code of their choosing in the security context of the Microsoft Firewall Service, giving the attacker complete control over the system. ISA Servers running in cache mode are not vulnerable because the Microsoft Firewall Service is disabled by default. However, since the H.323 filter is enabled by default on systems installed in Integrated or Firewall mode, installing this security update is highly recommended.


MircoSoft ISA2000-MS04-001

ANY one Code for this tongue.gif
AsuKa
Jan 14 2004, 12:22 AM
Hmmm, yes, this definetly looks nice. Hopefully the source will make its way through here soon biggrin.gif
yuliang11
Jan 14 2004, 01:07 AM
hey that's not what an ISA suppose to do!!let people control your server???.. heh heh hehh. i want my money back
priapo
Jan 14 2004, 04:05 AM
QUOTE
ISA Servers running in cache mode are not vulnerable because the Microsoft Firewall Service is disabled by default.

It could be even nicer if this weren't true, I'll be worth to keep an eye on it anyways biggrin.gif
radien
Jan 14 2004, 09:45 PM
Yea, many vuln's come from where is not expected
XtrA
Jan 14 2004, 09:52 PM
try it guys
Steffan
Jan 14 2004, 09:52 PM
Is there any PoC code out there ??

Would like to see one rolleyes.gif

C'ya
Steven
TheOther
Jan 15 2004, 08:48 AM
I hope there will be a POC for windows soon. smile.gif


Is there something in private for this vuln.?

zero-maitimax
Jan 15 2004, 11:22 AM
what is a ISA server :S ?


btw does it olso work on the family server 2000?
Steffan
Jan 15 2004, 12:19 PM
QUOTE (zero-maitimax @ Jan 15 2004, 11:22 AM)
what is a ISA server :S ?

ISA -> http://www.microsoft.com/isaserver/

Have a nice day ! wink.gif
chrispen
Jan 15 2004, 06:19 PM
hmmm nice vulnerability but really how many ISA servers are out ? not many i guess..
KarachiKing555
Jan 15 2004, 11:05 PM
yeah not many but it could be relief for the restricted users ! out there and cant access even sometimes cant doo manythings coz ports are not forwarded !
pls any1 any codes for this ! unsure.gif
mastervampire
Jan 15 2004, 11:48 PM
hehe nice
The-X
Jan 16 2004, 11:56 AM
looks nice ^^

there are some isa server out there...
zero-maitimax
Jan 19 2004, 11:09 AM
offtopic
there is in totaal 4 exploit not much yet :S
KarachiKing555
Jan 22 2004, 02:55 PM
bump man como pls any have code or explo for this i have dozens of ISA server to exploit over network laugh.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.