Forums: Mircosoft Isa2000 Critical Vul - Forums

Jump to content

  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Mircosoft Isa2000 Critical Vul REMOTE ATTACKER CAN EXECUTE CODE

#1 User is offline   KarachiKing555 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 103
  • Joined: 09-October 03

Posted 13 January 2004 - 02:25 PM

First Vul of 2004 and critical ! MS04-001 :lol:
critical security vulnerability exists in the H.323 filter for Microsoft ISA Server 2000 that could allow an attacker to overflow a buffer on the Microsoft Firewall Service in Microsoft ISA Server 2000. The vulnerability results because the H.323 filter for the Microsoft Firewall Service does not perform proper boundary checks on specially formatted H.323 packets. An attacker who successfully exploited this vulnerably could attempt to run code of their choosing in the security context of the Microsoft Firewall Service, giving the attacker complete control over the system. ISA Servers running in cache mode are not vulnerable because the Microsoft Firewall Service is disabled by default. However, since the H.323 filter is enabled by default on systems installed in Integrated or Firewall mode, installing this security update is highly recommended.


MircoSoft ISA2000-MS04-001

ANY one Code for this :P
0

#2 Guest_AsuKa_*

  • Group: Guests

Posted 13 January 2004 - 04:22 PM

Hmmm, yes, this definetly looks nice. Hopefully the source will make its way through here soon :D
0

#3 Guest_yuliang11_*

  • Group: Guests

Posted 13 January 2004 - 05:07 PM

hey that's not what an ISA suppose to do!!let people control your server???.. heh heh hehh. i want my money back
0

#4 User is offline   priapo 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 22
  • Joined: 02-December 03

Posted 13 January 2004 - 08:05 PM

Quote

ISA Servers running in cache mode are not vulnerable because the Microsoft Firewall Service is disabled by default.

It could be even nicer if this weren't true, I'll be worth to keep an eye on it anyways :D
0

#5 User is offline   radien 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 73
  • Joined: 27-June 03

Posted 14 January 2004 - 01:45 PM

Yea, many vuln's come from where is not expected
0

#6 Guest_XtrA_*

  • Group: Guests

Posted 14 January 2004 - 01:52 PM

try it guys
0

#7 User is offline   Steffan 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 66
  • Joined: 08-September 03

Posted 14 January 2004 - 01:52 PM

Is there any PoC code out there ??

Would like to see one :rolleyes:

C'ya
Steven
0

#8 User is offline   TheOther 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 98
  • Joined: 01-December 03

Posted 15 January 2004 - 12:48 AM

I hope there will be a POC for windows soon. :)


Is there something in private for this vuln.?
0

#9 User is offline   zero-maitimax 

  • Sergeant First Class
  • Icon
  • Group: Members
  • Posts: 309
  • Joined: 16-December 03

Posted 15 January 2004 - 03:22 AM

what is a ISA server :S ?


btw does it olso work on the family server 2000?
0

#10 User is offline   Steffan 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 66
  • Joined: 08-September 03

Posted 15 January 2004 - 04:19 AM

zero-maitimax, on Jan 15 2004, 11:22 AM, said:

what is a ISA server :S ?

ISA -> http://www.microsoft.com/isaserver/

Have a nice day ! ;)
0

#11 User is offline   chrispen 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 88
  • Joined: 11-September 03

Posted 15 January 2004 - 10:19 AM

hmmm nice vulnerability but really how many ISA servers are out ? not many i guess..
0

#12 User is offline   KarachiKing555 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 103
  • Joined: 09-October 03

Posted 15 January 2004 - 03:05 PM

yeah not many but it could be relief for the restricted users ! out there and cant access even sometimes cant doo manythings coz ports are not forwarded !
pls any1 any codes for this ! :unsure:
0

#13 User is offline   mastervampire 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 31
  • Joined: 16-December 03

Posted 15 January 2004 - 03:48 PM

hehe nice
0

#14 User is offline   The-X 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 59
  • Joined: 14-December 03

Posted 16 January 2004 - 03:56 AM

looks nice ^^

there are some isa server out there...
0

#15 User is offline   zero-maitimax 

  • Sergeant First Class
  • Icon
  • Group: Members
  • Posts: 309
  • Joined: 16-December 03

Posted 19 January 2004 - 03:09 AM

offtopic
there is in totaal 4 exploit not much yet :S
0
  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting