SecurityTracker.com
Category:   Application (Generic)  >   Microsoft Small Business Server
Vendors:   Microsoft
(Small Business Server is Affected) Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and Establish NetBIOS Connections
SecurityTracker Alert ID:  1014208
SecurityTracker URL:  http://securitytracker.com/id/1014208
CVE Reference:   CVE-2005-1215, CVE-2005-1216
Date:  Jun 14 2005
Impact:   Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Small Business Server 2000, 2003
Description:   Two vulnerabilities were reported in the Microsoft Internet Security and Acceleration (ISA) Server. A remote user can poison the cache. A remote user can also establish a NetBIOS connection to the ISA Server. Microsoft Small Business Server includes the ISA Server and is affected.

The server does not properly process HTTP content headers. A remote user can submit a specially crafted HTTP request to poison the cache of the affected ISA server [CVE: CAN-2005-1215]. As a result, the remote user can access content that would otherwise have been restricted by the server, or cause a target user to be directed to unexpected content.

A remote user can exploit a flaw in the NetBIOS (all) predefined packet filter to establish a NetBIOS connection to the target ISA Server [CVE: CAN-2005-1216].

The vendor credits Steve Orrin of Watchfire with reporting the HTTP content header vulnerability.

Impact:   A remote user can poison the cache of the affected ISA server.

A remote user can establish a NetBIOS connection to services on the target ISA Server that use NetBIOS.

Solution:   The vendor has issued the following fix:

Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E579813B-0372-45BE-8070-3F4D7D4CB89C

A restart is not required.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-034.mspx
Cause:   Access control error, Input validation error
Underlying OS:   Windows (2000), Windows (2003)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 14 2005 Microsoft Internet Security and Acceleration Server Bugs Let Remote Users Poison the Cache and Establish NetBIOS Connections



 Source Message Contents

Date:  Tue, 14 Jun 2005 16:33:26 -0400
Subject:  http://www.microsoft.com/technet/security/Bulletin/MS05-034.mspx



http://www.microsoft.com/technet/security/Bulletin/MS05-034.mspx

Microsoft Small Business Server 2000 and Microsoft Small Business Server 2003 Premium 
Edition are also affected.
 
 


Copyright 2012, SecurityGlobal.net LLC