Microsoft issued a “critical” security alert about a hole in its Internet Explorer browser that could allow hackers to use an outdated Internet protocol to seize control of people’s computers.
A problem may occur on an Internet Security and Acceleration (ISA) Server-based or Proxy Server 2.0-based computer during the processing of Internet Gopher protocol requests. A typical Gopher request may look similar to this:
gopher://gopher.example.com:70/11/example%09%09%2b
When a malicious request is received, the ISA Server-based or Proxy Server 2.0-based computer may send back a response that is not valid, generate an access violation error message, and stop providing services.
A successful attack against the ISA Server-based or Proxy Server 2.0-based computer requires a malicious Gopher request. The request must originate from a valid user who is permitted by the firewall policy, and it must be received by the Web Proxy service. This means that a valid client would have to submit the initial request.
The vulnerability results from an unchecked buffer in the code that handles information returned from a server over the Gopher protocol. By configuring a Gopher server to return information in a particular manner in response to requests, an attacker might attempt to overflow the buffer and load code on the computer.
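The checked counterpart of the flaw described above, as an added example (not Microsoft's code and not part of the original article): a parser for one Gopher menu line that takes an explicit length and rejects any field that would not fit its destination buffer. The FIELD_MAX limit and the struct and function names are assumptions made for illustration; the line layout follows RFC 1436.

```c
#include <string.h>

#define FIELD_MAX 255   /* assumed per-field limit for this example */

struct gopher_item {
    char type;
    char display[FIELD_MAX + 1], selector[FIELD_MAX + 1], host[FIELD_MAX + 1];
    unsigned port;
};

/* Copy one TAB-delimited field; refuse it if it cannot fit or embeds a NUL. */
static int copy_field(char *dst, const char *src, size_t len)
{
    if (len > FIELD_MAX || memchr(src, '\0', len) != NULL)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse one menu line: type, display TAB selector TAB host TAB port.
 * len is the byte count received; line need not be NUL-terminated.
 * Returns 0 on success, -1 on a malformed line or an oversized field. */
int gopher_parse_item(const char *line, size_t len, struct gopher_item *out)
{
    const char *end, *t1, *t2, *t3, *p, *pe;

    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                                /* strip CRLF */
    if (len < 5)                              /* type, 3 TABs, 1 port digit */
        return -1;
    end = line + len;
    out->type = *line++;
    if (!(t1 = memchr(line, '\t', (size_t)(end - line))) ||
        !(t2 = memchr(t1 + 1, '\t', (size_t)(end - t1 - 1))) ||
        !(t3 = memchr(t2 + 1, '\t', (size_t)(end - t2 - 1))))
        return -1;
    if (copy_field(out->display, line, (size_t)(t1 - line)) ||
        copy_field(out->selector, t1 + 1, (size_t)(t2 - t1 - 1)) ||
        copy_field(out->host, t2 + 1, (size_t)(t3 - t2 - 1)))
        return -1;
    p = t3 + 1;
    pe = memchr(p, '\t', (size_t)(end - p));  /* Gopher+ may append a field */
    if (pe == NULL) pe = end;
    if (pe == p || pe - p > 5)                /* port: 1 to 5 digits */
        return -1;
    for (out->port = 0; p < pe; p++) {
        if (*p < '0' || *p > '9') return -1;
        out->port = out->port * 10 + (unsigned)(*p - '0');
    }
    return (out->port >= 1 && out->port <= 65535) ? 0 : -1;
}
```

A caller should treat a -1 return as a reason to drop the whole server response rather than forward a partially parsed item.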
You must install ISA Server Service Pack 1 (SP1) before you apply the following hotfix.
For additional information about how to obtain the latest ISA Server service pack, click the article number below to view the article in the Microsoft Knowledge Base:
How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
The following file is available for download from the Microsoft Download Center: