[8224] in bugtraq
[NTSEC] DoS attack in MS - Proxy 2.0
daemon@ATHENA.MIT.EDU (Jason Garms)
Thu Oct 15 16:22:19 1998
Date: Thu, 15 Oct 1998 11:23:50 -0700
Reply-To: Jason Garms <jasong@MICROSOFT.COM>
From: Jason Garms <jasong@MICROSOFT.COM>
X-To: ntbugtraq@listserv.ntbugtraq.com, ntsecurity@iss.net
To: BUGTRAQ@NETSPACE.ORG
Just to follow-up on some recent threads on on Microsoft Proxy Server:
On October 8 & 9, 1998, two emails were posted by mnemonix@globalnet.co.uk
who indicated two possible new security attacks against Microsoft Proxy
Server.
We've worked in our labs and with the assistance of Mnemonix in an attempt
to reproduce the reported security issues. There were two specific scenarios
reported and both have been researched and tested. In spite of the effort
and help from the Mnemonix we've been unable to reproduce the stated
security breaches with a properly configured Microsoft Proxy Server.
At this time, we have no reason to believe that customers have any risk
associated with the reported attack method. None-the-less, we will continue
research with Mnemonix until we can fully explain the observed behavior
reported.
We take these kinds of reports very seriously and we'll continue to track
any new developments.
Thanks,
-JasonG
Jason Garms
Product Manager
Windows NT Security
Microsoft Corporation
JasonG@Microsoft.Com
