In association with heise online

24 September 2007, 12:26

ISA Server 2004 divulges IP addresses


The Zero-Day Initiative has published details of a hole, already closed, in Microsoft's ISA Server 2004 through which attackers can apparently retrieve internal IP addresses. According to the report, all attackers need to do is send an empty SOCKS4 packet to the server. The proxy then sends back a packet containing the IP address of the last packet that went through the proxy. ISA Server 2004 SP1 and SP2 are affected. Service Pack 3, which was released at the end of May, remedies the flaw. It is not clear why ZDI has only now reported it.
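The following is an added example, not code from ZDI, Microsoft or the original article: a minimal SOCKS4 request validator that rejects empty or truncated packets and fills the reply's address field only from the request being answered. The field layout follows the public SOCKS4 protocol description; the function names are hypothetical, and the assumption that the flaw came from reply data carried over from an earlier session is an inference from the report's description, not a stated root cause.

```python
import ipaddress
import struct

# SOCKS4 request: VN(1)=4, CD(1), DSTPORT(2), DSTIP(4), USERID..., NUL
# SOCKS4 reply:   VN(1)=0, CD(1), DSTPORT(2), DSTIP(4)
SOCKS4_VERSION = 4
COMMANDS = (1, 2)            # CONNECT, BIND
GRANTED, REJECTED = 90, 91
MIN_REQUEST_LEN = 9          # fixed 8-byte header plus the NUL ending USERID
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_socks4_request(data: bytes):
    """Return (command, port, ip, userid), or None if the request is malformed."""
    if len(data) < MIN_REQUEST_LEN:
        return None          # covers the empty packet described in the report
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != SOCKS4_VERSION or command not in COMMANDS:
        return None
    end = data.find(b"\x00", 8)
    if end == -1:
        return None          # USERID is not NUL-terminated
    return command, port, ipaddress.IPv4Address(data[4:8]), data[8:end]


def build_socks4_reply(request) -> bytes:
    """Build the 8-byte reply from this request only, never from earlier state."""
    if request is None:
        # Rejected: DSTPORT and DSTIP are explicitly zeroed.
        return struct.pack("!BBH4s", 0, REJECTED, 0, b"\x00" * 4)
    _, port, ip, _ = request
    # Assumption: the outbound connection succeeded (connect step omitted here).
    return struct.pack("!BBH4s", 0, GRANTED, port, ip.packed)


def handle(data: bytes) -> bytes:
    return build_socks4_reply(parse_socks4_request(data))


def leaks_rfc1918(reply: bytes) -> bool:
    """Regression check: does the reply's DSTIP field hold an RFC 1918 address?"""
    if len(reply) != 8:
        return False
    addr = ipaddress.IPv4Address(reply[4:8])
    return any(addr in net for net in RFC1918)
```

Run against a proxy build in a test harness, `leaks_rfc1918` applied to the reply for an empty request gives a simple regression test for this class of disclosure.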
