===================================================================== CERT-Renater Note d'Information No. 2010/VULN446 _____________________________________________________________________ DATE : 10/11/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Forefront Unified Access Gateway. ====================================================================== KB2316074 http://www.microsoft.com/technet/security/bulletin/MS10-089.mspx ______________________________________________________________________ Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. This security update is rated Important for all supported versions of Forefront Unified Access Gateway 2010. For more information, see the subsection, Affected and Non-Affected Software, in this section. Affected Software Forefront Unified Access Gateway 2010 Forefront Unified Access Gateway 2010 Update 1 Forefront Unified Access Gateway 2010 Update 2 Vulnerability Information UAG Redirection Spoofing Vulnerability - CVE-2010-2732 A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG). The vulnerability could allow spoofing or redirecting of traffic intended for the UAG server if a UAG user clicks a specially crafted link. An attacker could send a specially crafted URL to a user of the UAG server to redirect Web traffic to a malicious site with content similar to the original Web site. By doing so, the attacker could potentially acquire sensitive information, such as the user's credentials. UAG XSS Allows EOP Vulnerability - CVE-2010-2733 A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user. XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user. XSS in Signurl.asp Vulnerability - CVE-2010-3936 A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================