Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability

Bugtraq ID:	25753
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4991
Remote:	Yes
Local:	No
Published:	Sep 20 2007 12:00AM
Updated:	Sep 21 2007 07:40PM
Credit:	CIRT.DK is credited with the discovery of this vulnerability.
Vulnerable:	Microsoft ISA Server 2004 SP2 Microsoft ISA Server 2004 SP1
Not Vulnerable:	Microsoft ISA Server 2004 SP3

Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability

Microsoft ISA Server is prone to an information-disclosure vulnerability that occurs when SOCKS4 handles empty packets.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue affects Microsoft ISA Server 2004 SP1 and SP2.

Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability

An attacker can exploit this issue by using readily available network utilities.

Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.


Microsoft ISA Server 2004 SP2

• Microsoft Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition SP3
  http://www.microsoft.com/downloads/details.aspx?FamilyID=A05A074A-5033 -4792-AF8B-58B90D841436&displaylang=en

Microsoft ISA Server 2004 SP1

• Microsoft Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition SP3
  http://www.microsoft.com/downloads/details.aspx?FamilyID=A05A074A-5033 -4792-AF8B-58B90D841436&displaylang=en

Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage (Zero Day Initiative)
  
• Microsoft ISA Server SOCKS4 Proxy Connection Leakage (Zero Day Initiative)