=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN383
_____________________________________________________________________

DATE                      : 15/06/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft ISA Server.

======================================================================

MS05-034 - Vulnerability in Microsoft ISA Server Could allow Information
            Disclosure (899753)

   - Affected Software:
     - Microsoft Internet Security and Acceleration Server 2000 Service Pack 2

     - Note The following software programs include ISA Server 2000.
            Customers who use these software programs should install
            the provided ISA Server 2000 security update:
         - Microsoft Small Business Server 2000
         - Microsoft Small Business Server 2003 Premium Edition

     - Impact: Elevation of Privilege
     - Version Number: 1.0


- From the Microsoft Security Bulletin MS05-034:

Vulnerability Details

HTTP Content Header Vulnerability - CAN-2005-1215

A vulnerability exists in ISA Server 2000 because of the way that it handles
malformed HTTP requests. An attacker could exploit the vulnerability by
constructing a malicious HTTP request that could potentially allow an
attacker to poison the cache of the affected ISA server. As a result, the
attacker could either bypass content restrictions and access content that
they would normally not have access to or they could cause users to be
directed to unexpected content. Additionally, an attacker could use this in
combination with a separate Cross Site Scripting vulnerability to obtain
sensitive information such as logon credentials.

NetBIOS Predefined Filter Vulnerability - CAN-2005-1216

An elevation of privilege vulnerability exists in ISA Server 2000 that could
allow an attacker who successfully exploited this vulnerability to createa
NetBIOS connection with an ISA Server by utilizing the NetBIOS (all)
predefined packet filter. The attacker would be limited to services that use
the NetBIOS protocol running on the affected ISA Server.

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================