Category:   Application (Security)  >   Microsoft Internet Security and Acceleration Server
Vendors:   Microsoft
Microsoft ISA Server TCP State Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1022045
SecurityTracker URL:  http://securitytracker.com/id/1022045
CVE Reference:   CVE-2009-0077
Date:  Apr 14 2009
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2004 SP3, 2006 SP1; and prior service packs
Description:   A vulnerability was reported in Microsoft ISA Server and Microsoft Forefront Threat Management Gateway. A remote user can cause denial of service conditions.

The firewall engine does not properly handle TCP state for web proxy or web publishing listeners. A remote user can send specially crafted TCP data to cause the target web listener service to stop responding.

Microsoft Internet Security and Acceleration Server 2000 SP2 is not affected.

Impact:   A remote user can cause the target web listener to stop responding.
Solution:   The vendor has issued the following fixes:

Microsoft Forefront Threat Management Gateway, Medium Business Edition:

http://www.microsoft.com/downloads/details.aspx?familyid=6abf9fb4-42d0-4c67-935f-8dc67850148b

Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=adf623fa-2d74-4f2a-9835-4b8debdb0e1b

Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=d1d55ab6-3de5-4811-9693-8d43f49f5fe8

Microsoft Internet Security and Acceleration Server 2006:

http://www.microsoft.com/downloads/details.aspx?familyid=eda30bcc-0582-4f60-a4c5-ea5000b7c770

Microsoft Internet Security and Acceleration Server 2006 Supportability Update:

http://www.microsoft.com/downloads/details.aspx?familyid=eda30bcc-0582-4f60-a4c5-ea5000b7c770

Microsoft Internet Security and Acceleration Server 2006 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=eda30bcc-0582-4f60-a4c5-ea5000b7c770

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-016.mspx
Cause:   State error
Underlying OS:  Windows (2000), Windows (2003), Windows (2008)

Message History:   None.

