Bugtraq mailing list archives
[NTSEC] DoS attack in MS - Proxy 2.0
From: jasong () MICROSOFT COM (Jason Garms)
Date: Thu, 15 Oct 1998 11:23:50 -0700
Just to follow-up on some recent threads on on Microsoft Proxy Server: On October 8 & 9, 1998, two emails were posted by mnemonix () globalnet co uk who indicated two possible new security attacks against Microsoft Proxy Server. We've worked in our labs and with the assistance of Mnemonix in an attempt to reproduce the reported security issues. There were two specific scenarios reported and both have been researched and tested. In spite of the effort and help from the Mnemonix we've been unable to reproduce the stated security breaches with a properly configured Microsoft Proxy Server. At this time, we have no reason to believe that customers have any risk associated with the reported attack method. None-the-less, we will continue research with Mnemonix until we can fully explain the observed behavior reported. We take these kinds of reports very seriously and we'll continue to track any new developments. Thanks, -JasonG Jason Garms Product Manager Windows NT Security Microsoft Corporation JasonG () Microsoft Com
Current thread:
- Last (hopefully) update on GroupWise Simple Nomad (Oct 10)
- <Possible follow-ups>
- Last (hopefully) update on GroupWise Adrian Voinea (Feb 06)
- /tmp race in mc-4.5.0 Pavel Machek (Oct 12)
- Re: /tmp race in mc-4.5.0 Bennett Todd (Oct 14)
- Re: /tmp race in mc-4.5.0 Marc Heuse (Oct 14)
- [NTSEC] DoS attack in MS - Proxy 2.0 Jason Garms (Oct 15)
- IRIX xterm(1) exploitable buffer overflow SGI Security Coordinator (Oct 15)
- IRIX Xaw library exploitable buffer overflow SGI Security Coordinator (Oct 15)
- Microsoft Security Bulletin (MS98-015) Aleph One (Oct 16)
- HP-UX 10.20 SharedX Receiver Service DoS Security Research Team (Oct 16)
- Breaking Finger in AIX 4.2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (Oct 20)
- Re: Breaking Finger in AIX 4.2 Troy A. Bollinger (Oct 20)
- Alert: IE 4.0 Security Zone compromise Aleph One (Oct 20)
- /tmp race in mc-4.5.0 Pavel Machek (Oct 12)
- Re: Annoying Solaris/CDE/NIS+ bug Frank Cusack (Oct 13)