Tuesday 09 November 2004

MS Security Bulletins - 09 November

Only one MS Security Bulletin issued today. There is no mention of the new vulnerabilities in Internet Explorer.

Microsoft Security Bulletin MS04-039

Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)

A spoofing vulnerability exists could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site.

Proxy Server 2.0 acts as a gateway to the Internet for client computers. A proxy server generally acts as an intermediary between a private network and the Internet. Proxy Server 2.0 also caches Internet content for internal users to increase performance and to reduce outgoing network bandwidth.

ISA Server 2000 provides both an enterprise firewall and a high-performance Web cache. The firewall helps protects the network by regulating which resources can be accessed through the firewall, and under what conditions. The Web cache helps improve network performance by storing local copies of frequently-requested Web content.

The vulnerability is caused because Proxy Server 2.0 and ISA Server 2000 cache the results of a reverse lookup and use that result for a forward (normal) lookup. This approach assumes that the hostname received during the reverse lookup is the valid hostname. The first time a reverse lookup is performed for a particular IP address, an attacker could provide a spoofed reverse lookup response for a domain name that they are not authoritative over. If a user then tries to access the resource by using the domain name that is supplied by the attacker, the user's request would be routed to the incorrect IP address instead of being serviced by the valid content owner.


Related Tools

Related Reading

Recent Internet Explorer Vulnerabilities