Microsoft ISA Server Proxy Service memory leak denial of service
| isa-proxy-memory-leak-dos (6990) |  Medium Risk |
Description:
Microsoft Internet Security and Acceleration (ISA) Server is vulnerable to a denial of service attack, caused by a memory leak in the Proxy Service. If a remote attacker from within the network sends a large number of specially-crafted requests to the Proxy Service, the attacker can cause all memory resources to be consumed, which would cause the server to stop responding. The server must be restarted to regain normal functionality.
Consequences:
Denial of Service
Remedy:
Apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS01-045. See References.
References:
- Microsoft Security Bulletin MS01-045: ISA Server H.323 Gatekeeper Service Contains Memory Leak.
- BID-3197: Microsoft ISA Server Proxy Service Memory Leak Denial of Service Vulnerability
- CVE-2001-0547: Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
- OSVDB ID: 1933: Microsoft ISA Server Proxy Service Memory Leak DoS
Platforms Affected:
- Microsoft ISA Server 2000
Reported:
Aug 16, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this