Firewall Wizards mailing list archives
Re: Microsoft ISA Server
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 26 Jun 2002 01:26:10 -0400 (EDT)
this 'firewall' has been subject to many of the windows related exploits, including the recent sqlworm issue. Of course, some are fond of the color blue <smile>.
Please allow me to modify this statement, as the worms for msql does not seem to be directly related to ISA deployments, yet ISA server does often display issues related to the core windows OS's, such as the recent gopher issue: <quote> http://online.securityfocus.com/bid/4930 Multiple Microsoft Product Gopher Client Buffer Overflow Vulnerability ... Microsoft ISA Server 2000 SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 Microsoft ISA Server 2000 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Server Microsoft Proxy Server 2.0 SP1 Microsoft Proxy Server 2.0 - Microsoft BackOffice 4.5 - Microsoft Windows NT 4.0 </quote> Although ISA systems might well be subject to another sql related exploit discussed by David Lichtfield: <quote> Description *********** Microsoft's database server SQL Server 2000 has a remotely exploitable buffer overrun vulnerability in the OpenDataSource function when combined with the MS Jet Engine. Due to this being a JET problem other products may also be vulnerable; however the fix for all products should be the same. Please see the "Fix Information" section for more details. http://online.securityfocus.com/bid/5057 Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability </quote> This of course is dependant upon what folks have chosen to install on their ISA systems, and it appears recent MDAC implimentations do not have JET installed by default, though there is documentation available on how to do so, and some folks might well have made their systems vulnerable to this also by avoiding some of the defaults and applying 'updates': http://support.microsoft.com/default.aspx?scid=kb;en-us;Q271908 <quote> INFO: MDAC Version 2.6 and Later Do Not Contain Jet or Desktop ODBC Drivers (Q271908) The information in this article applies to: Microsoft OLE DB Provider for Jet, version 4.0 Microsoft ODBC Driver for Access, version 4.0 Microsoft Data Access Components versions 2.6 , 2.7 SUMMARY Starting with Microsoft Data Access Components (MDAC) version 2.6, MDAC no longer contains Jet components. In other words, MDAC 2.6 and 2.7 do not include Microsoft Jet, Microsoft Jet OLE DB Provider, and the ODBC Desktop Database Drivers. <then goes on to describe how to install the JET drivers> </quote> Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Microsoft ISA Server RWoerner (Jun 21)
- RE: Microsoft ISA Server B. Scott Harroff (Jun 21)
- RE: Microsoft ISA Server Bill Royds (Jun 21)
- Re: Microsoft ISA Server Mikael Olsson (Jun 22)
- Re: Microsoft ISA Server R. DuFresne (Jun 22)
- Re: Microsoft ISA Server Patrick M. Hausen (Jun 22)
- RE: NTLM on firewalls (was: Microsoft ISA Server) Ben Nagy (Jun 24)
- Re: NTLM on firewalls (was: Microsoft ISA Server) Darren Reed (Jun 25)
- RE: NTLM on firewalls (was: Microsoft ISA Server) Ben Nagy (Jun 24)
- <Possible follow-ups>
- Re: Microsoft ISA Server R. DuFresne (Jun 26)