Microsoft ISA Server Denial of Service Vulnerability

Type

A system resource is exhausted.

Release Date

November 02, 2001

Product / Vendor

Microsoft Internet Security and Acceleration (ISA) Server is an enterprise-level proxy server and firewall product.

http://www.microsoft.com/isaserver/

Summary

A fragmented UDP attack sent through Microsoft ISA Server drives the system's CPU usage to 100%. While the server is consuming this much processor power, its packet processing rate decreases.
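
The following is an added example, not part of the original advisory: a Python check for the traffic pattern described above, which parses IPv4 headers, counts fragmented UDP packets per time window and flags windows that reach a threshold. The function names, the threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

PROTO_UDP = 17

def parse_ipv4(header):
    """Return (src_ip, protocol, is_fragment), or None for a malformed header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        return None
    (flags_frag,) = struct.unpack("!H", header[6:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = flags_frag & 0x1FFF                 # fragment offset, in 8-byte units
    src = ".".join(str(b) for b in header[12:16])
    return src, header[9], more_fragments or offset > 0

def udp_fragments_per_window(packets, window=1.0):
    """Count fragmented UDP packets per time window from (timestamp, header) pairs.
    Counts are not keyed by source address, because UDP sources can be forged."""
    counts = Counter()
    for ts, header in packets:
        parsed = parse_ipv4(header)
        if parsed and parsed[1] == PROTO_UDP and parsed[2]:
            counts[int(ts // window)] += 1
    return counts

def flagged_windows(packets, threshold, window=1.0):
    """Windows whose fragmented-UDP count reaches the site-chosen threshold."""
    counts = udp_fragments_per_window(packets, window)
    return sorted(w for w, n in counts.items() if n >= threshold)

def build_header(src, proto, mf=False, offset=0):
    """Build a minimal 20-byte IPv4 header for the sample data (checksum left 0)."""
    flags_frag = (0x2000 if mf else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, flags_frag, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

# Constructed sample: ordinary traffic in second 0, a burst of UDP fragments in second 1.
SAMPLE = [(0.1, build_header("198.51.100.7", PROTO_UDP)),
          (0.5, build_header("198.51.100.7", 6)),
          (0.9, build_header("198.51.100.8", PROTO_UDP, mf=True))]
SAMPLE += [(1.0 + i / 100, build_header("203.0.113.%d" % (i + 1), PROTO_UDP,
                                        mf=(i % 2 == 0), offset=(0 if i % 2 == 0 else 3)))
           for i in range(60)]

if __name__ == "__main__":
    print(flagged_windows(SAMPLE, threshold=50))
```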

Log

The session log is available at
http://www.securityoffice.net/downloads/isa.txt

Exploit

opentear.c by RootShell
http://www.securityoffice.net/downloads/opentear.c

Tested

Windows 2000 Server + Service Pack 2
Microsoft ISA Server 2000 Enterprise Full + All Fixes

Vulnerable

Microsoft ISA Server 2000 Standard
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Server

Microsoft ISA Server 2000 Enterprise
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Server

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net