CVE-2009-0077 - Unspecified vulnerability in Microsoft products

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
network
low complexity
microsoft
nessus

Summary

The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."

Msbulletin

bulletin_id: MS09-016
bulletin_url:
date: 2009-04-14T00:00:00
impact: Denial of Service
knowledgebase_id: 961759
knowledgebase_url:
severity: Important
title: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS09-016.NASL
description: The version of Microsoft ISA Server or Forefront Threat Management Gateway installed on the remote host is affected by one or both of the following vulnerabilities : - By sending a series of specially crafted packets, an anonymous remote attacker can create orphaned open sessions in the firewall engine, thereby denying service to legitimate users. (CVE-2009-0077) - A non-persistent cross-site scripting vulnerability exists in the application due to its failure to sanitize input to its
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36154
published: 2009-04-14
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36154
title: MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Could Cause Denial of Service (961759)
code:
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(36154);
  script_version("1.23");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  script_cve_id("CVE-2009-0077", "CVE-2009-0237");
  script_bugtraq_id(34414, 34416);
  script_xref(name:"IAVT", value:"2009-T-0022");
  script_xref(name:"MSFT", value:"MS09-016");
  script_xref(name:"MSKB", value:"9698075");

  script_name(english:"MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Could Cause Denial of Service (961759)");
  script_summary(english:"Checks version of wspsrv.exe");

  script_set_attribute( attribute:"synopsis",  value:
"The remote host contains an application that is affected by multiple
vulnerabilities.");
  script_set_attribute( attribute:"description",    value:
"The version of Microsoft ISA Server or Forefront Threat Management
Gateway installed on the remote host is affected by one or both of the
following vulnerabilities :

  - By sending a series of specially crafted packets, an
    anonymous remote attacker can create orphaned open
    sessions in the firewall engine, thereby denying
    service to legitimate users. (CVE-2009-0077)

  - A non-persistent cross-site scripting vulnerability
    exists in the application due to its failure to sanitize
    input to its 'cookieauth.dll' script. (CVE-2009-0237)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-016");
  script_set_attribute(  attribute:"solution",   value:
"Microsoft has released a set of patches for ISA Server 2004 and 2006
as well as Forefront Threat Management Gateway.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:forefront_threat_management_gateway");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:isa_server");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}


include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");


include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS09-016';
kbs = make_list("9698075");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);


path = get_kb_item("SMB/Registry/HKLM/SOFTWARE/Microsoft/Fpc");
if (!path) exit(0, "ISA Server does not appear to be installed.");


if (is_accessible_share())
{
  if (
    # Microsoft Forefront Threat Management Gateway Medium Business Edition
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"6.0.6417.153", min_version:"6.0.0.0", bulletin:bulletin, kb:"9698075") == HCF_OLDER ||

    # ISA Server 2006
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"5.0.5723.511", min_version:"5.0.5723.0", bulletin:bulletin, kb:"968078") == HCF_OLDER ||
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"5.0.5721.261", min_version:"5.0.5721.0", bulletin:bulletin, kb:"968078") == HCF_OLDER ||
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"5.0.5720.172", min_version:"5.0.0.0", bulletin:bulletin, kb:"968078") == HCF_OLDER ||

    # ISA Server 2004
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"4.0.3445.909", min_version:"4.0.3000.0", bulletin:bulletin, kb:"960995") == HCF_OLDER ||
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"4.0.2167.909", bulletin:bulletin, kb:"960995") == HCF_OLDER
  ) {
    set_kb_item(name:"SMB/Missing/MS09-016", value:TRUE);
    hotfix_security_warning();
  }

  hotfix_check_fversion_end();
  exit(0);
}

Oval

accepted: 2014-06-30T04:11:14.322-04:00
class: vulnerability
contributors:
  • name: Dragos Prisaca
    organization: Gideon Technologies, Inc.
  • name: Brendan Miles
    organization: The MITRE Corporation
  • name: Josh Turpin
    organization: Symantec Corporation
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
  • comment: Microsoft Internet Security and Acceleration Server 2004
    oval: oval:org.mitre.oval:def:5940
  • comment: Microsoft Internet Security and Acceleration Server 2004
    oval: oval:org.mitre.oval:def:5940
  • comment: Microsoft Internet Security and Acceleration Server 2006
    oval: oval:org.mitre.oval:def:6052
  • comment: Microsoft Internet Security and Acceleration Server 2006
    oval: oval:org.mitre.oval:def:6052
  • comment: Microsoft Internet Security and Acceleration Server 2006
    oval: oval:org.mitre.oval:def:6052
description: The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
family: windows
id: oval:org.mitre.oval:def:6068
status: accepted
submitted: 2009-04-14T16:00:00
title: Web Proxy TCP State Limited Denial of Service Vulnerability
version: 11

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 34414 CVE(CAN) ID: CVE-2009-0077 Microsoft ISA Server and Forefront TMG are both security components in the Microsoft product family that provide firewall, secure gateway and similar functions. The way the firewall engine handles TCP state for web proxy or web publishing listeners may leave orphaned open sessions, which allows a remote user to cause the web listener to stop responding to new requests. Microsoft ISA Server 2006 Supportability Update Microsoft ISA Server 2006 SP1 Microsoft ISA Server 2006 Microsoft ISA Server 2004 SP3 Microsoft Forefront TMG MBE Microsoft --------- Microsoft has released a security bulletin (MS09-016) and the corresponding patches for this issue: MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) Link: http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx?pf=true
id: SSV:5057
last seen: 2017-11-19
modified: 2009-04-16
published: 2009-04-16
reporter: Root
title: Microsoft ISA Server and Forefront TMG Denial of Service Vulnerability (MS09-016)