Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice

Article ID : 323889
Last Review : August 9, 2004
Revision : 4.1
This article was previously published under Q323889

SYMPTOMS

A problem may occur on an Internet Security and Acceleration (ISA) Server-based or Proxy Server 2.0-based computer during the processing of Internet Gopher protocol requests. A typical Gopher request may look similar to this:
gopher://gopher.example.com:70/11/example%09%09%2b
When a malicious request is received, the ISA Server-based or Proxy Server 2.0-based computer may send back a response that is not valid, generate an access violation error message, and stop providing services.

A successful attack against the ISA Server-based or Proxy Server 2.0-based computer requires a malicious Gopher request. The request must originate from a valid user who is permitted by the firewall policy, and it must be received by the Web Proxy service. This means that a valid client would have to submit the initial request.

CAUSE

The vulnerability results from an unchecked buffer in the code that handles information returned from a server by using the Gopher protocol. By configuring a Gopher server to return information in a particular manner in response to requests, an attacker might attempt to overflow the buffer and load code on the computer.
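
The class of bug described above, shown from the defensive side as an added example (not Microsoft's code and not taken from W3pinet.dll): a Gopher menu line parser in C that checks every server-supplied field against its destination buffer before copying. The line layout follows RFC 1436; the struct, the function names, and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Field limits are assumptions; the remote server controls every byte. */
struct gopher_item {
    char type;
    char display[128], selector[256], host[256];
    int  port;
};

/* Copy one TAB-terminated field into dst, refusing anything that does not
   fit with its NUL. An unchecked strcpy() here is the bug class at issue. */
static int take_field(const char **cur, const char *end, char *dst, size_t cap)
{
    const char *tab = memchr(*cur, '\t', (size_t)(end - *cur));
    size_t len = tab ? (size_t)(tab - *cur) : 0;
    if (tab == NULL || len >= cap) return -1;   /* missing TAB or too long */
    memcpy(dst, *cur, len);
    dst[len] = '\0';
    *cur = tab + 1;
    return 0;
}

/* Parse "<type><display>TAB<selector>TAB<host>TAB<port>CRLF" (RFC 1436).
   Returns 0 on success, -1 on malformed or oversized input. */
int parse_gopher_line(const char *line, size_t n, struct gopher_item *out)
{
    const char *cur = line, *end = line + n;
    int port = 0, digits = 0;
    while (end > cur && (end[-1] == '\r' || end[-1] == '\n')) end--;
    if (cur == end) return -1;
    out->type = *cur++;
    if (take_field(&cur, end, out->display, sizeof out->display) ||
        take_field(&cur, end, out->selector, sizeof out->selector) ||
        take_field(&cur, end, out->host, sizeof out->host)) return -1;
    for (; cur < end && *cur >= '0' && *cur <= '9' && digits < 5; digits++)
        port = port * 10 + (*cur++ - '0');
    if (digits == 0 || cur != end || port < 1 || port > 65535) return -1;
    out->port = port;
    return 0;
}

int main(void)
{
    const char s[] = "1Example menu\t/example\tgopher.example.com\t70\r\n";
    struct gopher_item it;                      /* s is a constructed sample */
    if (parse_gopher_line(s, sizeof s - 1, &it) != 0) return 1;
    printf("%c %s %s:%d\n", it.type, it.display, it.host, it.port);
    return 0;
}
```

The parser rejects an oversized field outright rather than truncating it, so a hostile server response fails closed instead of being partly processed.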

RESOLUTION

ISA Server

You must install ISA Server Service Pack 1 (SP1) before you apply the following hotfix.

For additional information about how to obtain the latest ISA Server service pack, click the article number below to view the article in the Microsoft Knowledge Base:
313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
The following file is available for download from the Microsoft Download Center:
To install the fix, run the self-extracting file. You do not need to restart the ISA Server computer. If the computer is part of an ISA Server array, you do not need to shut the whole array down; you can still install this fix on a one-by-one basis.

The English version of the ISA Server fix should have the following file attributes or later:
   Date         Time   Version       Size     File name
   ------------------------------------------------------
   11-Jun-2002  13:08  3.0.1200.177  30,992   W3pinet.dll
				
This fix also applies to the French, German, Spanish, and Japanese versions of ISA Server.

Release Date: June 14, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Proxy Server 2.0

You must install Proxy Server 2.0 Service Pack 1 (SP1) before you apply the following hotfix.

For additional information about Proxy Server 2.0 SP1, click the article number below to view the article in the Microsoft Knowledge Base:
238375 Proxy Server 2.0 Service Pack 1: List of Fixes
The following file is available for download from the Microsoft Download Center:

The English version of the Proxy Server 2.0 fix should have the following file attributes or later:
   Date         Time   Version       Size     File name
   ------------------------------------------------------
   11-Jun-2002  09:09  2.0.390.16    37,136   W3pinet.dll
				
This fix also applies to the French, German, Spanish, and Japanese versions of Proxy Server 2.0.


Release Date: June 14, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on secure servers that prevent any unauthorized changes to the file.



WORKAROUND

Workarounds exist for:
Internet Explorer
ISA Server-based computers
ISA Server-based arrays
Multiple ISA Server-based arrays
Proxy 2.0 Server-based computers
For step-by-step instructions for these workarounds, please view the "Frequently asked questions" section of the following security bulletin:

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Successfully exploiting the vulnerability requires that the intended target be able to receive information from an attacker's server by using the Gopher protocol. Anything that prevents this access, such as blocking the Gopher protocol or blocking access to the attacker's server, would have the effect of preventing attempts to exploit this vulnerability. Because of this, this vulnerability does not affect the default installation of ISA Server.

The Gopher protocol is an earlier protocol that provides for the transfer of text-based information across the Internet. Information on Gopher servers is hierarchically presented by using a menu system, and multiple Gopher servers can be linked together to form a collective "Gopherspace". More information about this protocol is included in Request for Comments number 1436.

For more information about this vulnerability, please view the following security bulletin:

APPLIES TO
Microsoft Internet Explorer 5.5 Service Pack 1
Microsoft Internet Explorer 5.5 Service Pack 2 and Internet Tools
Microsoft Internet Explorer 5.01 Service Pack 2
Microsoft Internet Explorer 5.5 for Windows 2000 SP 2
Microsoft Internet Explorer 5.01 Service Pack 1
Microsoft Internet Security and Acceleration Server 2000 Standard Edition
Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
Microsoft Proxy Server 2.0 Standard Edition
Microsoft Internet Explorer 6.0 Service Pack 1
Microsoft Internet Explorer version 6 for Windows 98
Keywords: 
kbbug kbenv kbfix kbqfe KB323889
