Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: [NTSEC] DoS attack in MS - Proxy 2.0

[NTSEC] DoS attack in MS - Proxy 2.0

Jason Garms (jasongMICROSOFT.COM)
Thu, 15 Oct 1998 11:23:50 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: SGI Security Coordinator: "IRIX xterm(1) exploitable buffer overflow"
Previous message: Bennett Todd: "Re: /tmp race in mc-4.5.0"

Just to follow-up on some recent threads on on Microsoft Proxy Server:

On October 8 & 9, 1998, two emails were posted by mnemonixglobalnet.co.uk
who indicated two possible new security attacks against Microsoft Proxy
Server.

We've worked in our labs and with the assistance of Mnemonix in an attempt
to reproduce the reported security issues. There were two specific scenarios
reported and both have been researched and tested. In spite of the effort
and help from the Mnemonix we've been unable to reproduce the stated
security breaches with a properly configured Microsoft Proxy Server.

At this time, we have no reason to believe that customers have any risk
associated with the reported attack method.  None-the-less, we will continue
research with Mnemonix until we can fully explain the observed behavior
reported.

We take these kinds of reports very seriously and we'll continue to track
any new developments.

Thanks,
-JasonG

Jason Garms
Product Manager
Windows NT Security
Microsoft Corporation

JasonGMicrosoft.Com

Next message: SGI Security Coordinator: "IRIX xterm(1) exploitable buffer overflow"
Previous message: Bennett Todd: "Re: /tmp race in mc-4.5.0"