This bulletin discusses three security vulnerabilities that are unrelated except in the sense that all three affect ISA Server 2000:
- A denial of service vulnerability involving the H.323 Gatekeeper Service, a service that supports the transmission of voice-over-IP traffic through the firewall. The service contains a memory leak that is triggered by a particular type of malformed H.323 data. Each time such data is received, the memory available on the server is depleted by a small amount; if an attacker repeatedly sent such data, the performance of the server could deteriorate to the point where it would effectively disrupt all communications across the firewall. A server administrator could restore normal service by cycling the H.323 service.
- A denial of service vulnerability in the Proxy service. Like the vulnerability above, this one is caused by a memory leak, and could be used to degrade the performance of the server to the point where it disrupted communications.
- A cross-site scripting vulnerability affecting the error page that ISA Server 2000 generates in response to a failed request for a web page. An attacker could exploit the vulnerability by tricking a user into submitting to ISA Server 2000 a URL that has the following characteristics: (a) it references a valid web site; (b) it requests a page within that site that can't be retrieved - that is, a non-existent page or one that generates an error; and (c) it contains script within the URL. The error page generated by ISA Server 2000 would contain the embedded script commands, which would execute when the page was displayed in the user's browser. The script would run in the security domain of the web site referenced in the URL, and would be able to access any cookies that site has written to the user's machine.
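The error-page flaw described in the last item can be modelled with a generic proxy error page that echoes the requested URL. This is an added example, not ISA Server 2000 code or anything from the bulletin; the template, function names, the sample URL and the assumption that the proxy shows the percent-decoded URL are all constructed for illustration. It contrasts the unescaped page with one that HTML-encodes the URL, then parses both to see which elements a browser would find.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Hypothetical error-page template; {url} is where the failed URL is echoed.
TEMPLATE = ("<html><body><h1>Error</h1>"
            "<p>The page {url} could not be retrieved.</p></body></html>")

# Constructed sample: valid site, non-existent page, script in the URL.
SAMPLE_URL = ("http://www.example.com/no-such-page.htm"
              "?q=%3Cscript%3Ealert(1)%3C/script%3E")


def error_page_vulnerable(requested_url: str) -> str:
    """Echo the decoded URL as-is (the behaviour the bulletin describes)."""
    # Assumption: the proxy displays the percent-decoded form of the URL.
    return TEMPLATE.format(url=unquote(requested_url))


def error_page_hardened(requested_url: str) -> str:
    """Decode first, then HTML-encode, so the URL can only be rendered as text."""
    return TEMPLATE.format(url=html.escape(unquote(requested_url), quote=True))


class _TagCollector(HTMLParser):
    """Records every element start tag the parser recognises."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_in(page: str) -> list[str]:
    """Return the element names an HTML parser finds in the page."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    print("vulnerable:", elements_in(error_page_vulnerable(SAMPLE_URL)))
    print("hardened:  ", elements_in(error_page_hardened(SAMPLE_URL)))
```

Because the proxy returns the error page as the response for the requested URL, the browser attributes it to the referenced site, which is why an injected element runs in that site's security domain.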