ISS X-Force Database: isa-cache-reverse-spoof(17906): Microsoft ISA Server and Proxy Server allow Web site spoofing caused by cache reverse lookup results

Microsoft ISA Server and Proxy Server allow Web site spoofing caused by cache reverse lookup results

isa-cache-reverse-spoof (17906)

Medium Risk

Description:

Microsoft Internet Security and Acceleration (ISA) Server, Microsoft Proxy Server, and Small Business Server could allow a remote attacker to spoof a trusted Web site. This is caused by a vulnerability in the method used to cache reverse lookup results. A remote attacker could create a specially-crafted Web page and persuade the victim to visit the Web page using an IP address, instead of fully qualified domain name, to spoof a trusted Web site. An attacker could exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to a victim as an HTML email.

Consequences:

Other

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-034. See References.

Note: Microsoft originally provided a workaround for this vulnerability in MS04-039, but it introduced the vulnerability in Microsoft Knowledge Base Article 821724. MS04-039 has been superseded by the patch released in MS05-034.

References:

Microsoft Knowledge Base Article 821724: FIX: Basic credentials may be sent over an external HTTP connection when SSL is required.
Microsoft Security Bulletin MS04-039: Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Web Site Spoofing (888258).
Microsoft Security Bulletin MS05-034: Cumulative Security Update for ISA Server 2000 (899753).
BID-11605: Microsoft ISA and Proxy Server Web Site Spoofing Vulnerability
CVE-2004-0892: Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.

Platforms Affected:

Microsoft ISA Server 2000 SP1
Microsoft ISA Server 2000 SP2
Microsoft Proxy Server 2.0 SP1
Microsoft Small Business Server 2000
Microsoft Small Business Server 2003

Reported:

Nov 09, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page