Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2022 Tenable Network Security, Inc.SMB_NT_MS09-016.NASL
HistoryApr 14, 2009 - 12:00 a.m.

MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Could Cause Denial of Service (961759)

2009-04-1400:00:00
This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The version of Microsoft ISA Server or Forefront Threat Management Gateway installed on the remote host is affected by one or both of the following vulnerabilities :

  • By sending a series of specially crafted packets, an anonymous remote attacker can create orphaned open sessions in the firewall engine, thereby denying service to legitimate users. (CVE-2009-0077)

  • A non-persistent cross-site scripting vulnerability exists in the application due to its failure to sanitize input to its ‘cookieauth.dll’ script. (CVE-2009-0237)

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(36154);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");

  script_cve_id("CVE-2009-0077", "CVE-2009-0237");
  script_bugtraq_id(34414, 34416);
  script_xref(name:"IAVT", value:"2009-T-0022-S");
  script_xref(name:"MSFT", value:"MS09-016");
  script_xref(name:"MSKB", value:"9698075");

  script_name(english:"MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway Could Cause Denial of Service (961759)");
  script_summary(english:"Checks version of wspsrv.exe");

  script_set_attribute( attribute:"synopsis",  value:
"The remote host contains an application that is affected by multiple
vulnerabilities.");
  script_set_attribute( attribute:"description",    value:
"The version of Microsoft ISA Server or Forefront Threat Management
Gateway installed on the remote host is affected by one or both of the
following vulnerabilities :

  - By sending a series of specially crafted packets, an
    anonymous remote attacker can create orphaned open
    sessions in the firewall engine, thereby denying
    service to legitimate users. (CVE-2009-0077)

  - A non-persistent cross-site scripting vulnerability
    exists in the application due to its failure to sanitize
    input to its 'cookieauth.dll' script. (CVE-2009-0237)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-016");
  script_set_attribute(  attribute:"solution",   value:
"Microsoft has released a set of patches for ISA Server 2004 and 2006
as well as Forefront Threat Management Gateway.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(79);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:forefront_threat_management_gateway");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:isa_server");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2009-2022 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}


include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");


include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS09-016';
kbs = make_list("9698075");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);


path = get_kb_item("SMB/Registry/HKLM/SOFTWARE/Microsoft/Fpc");
if (!path) exit(0, "ISA Server does not appear to be installed.");


if (is_accessible_share())
{
  if (
    # Microsoft Forefront Threat Management Gateway Medium Business Edition
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"6.0.6417.153", min_version:"6.0.0.0", bulletin:bulletin, kb:"9698075") == HCF_OLDER ||

    # ISA Server 2006
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"5.0.5723.511", min_version:"5.0.5723.0", bulletin:bulletin, kb:"968078") == HCF_OLDER ||
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"5.0.5721.261", min_version:"5.0.5721.0", bulletin:bulletin, kb:"968078") == HCF_OLDER ||
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"5.0.5720.172", min_version:"5.0.0.0", bulletin:bulletin, kb:"968078") == HCF_OLDER ||

    # ISA Server 2004
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"4.0.3445.909", min_version:"4.0.3000.0", bulletin:bulletin, kb:"960995") == HCF_OLDER ||
    hotfix_check_fversion(path:path, file:"wspsrv.exe", version:"4.0.2167.909", bulletin:bulletin, kb:"960995") == HCF_OLDER
  ) {
    set_kb_item(name:"SMB/Missing/MS09-016", value:TRUE);
    hotfix_security_warning();
 }

  hotfix_check_fversion_end();
  exit(0);
}
VendorProductVersionCPE
microsoftforefront_threat_management_gatewaycpe:/a:microsoft:forefront_threat_management_gateway
microsoftisa_servercpe:/a:microsoft:isa_server

Related

securityvulns 2
openvas 2
checkpoint_advisories 3
seebug 2
cve 2
prion 2
securityvulns
securityvulns
Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
2009-04-15 00:00:00
Microsoft ISA Server / Forefront Threat Management Gateway DoS
2009-04-15 00:00:00
openvas
openvas
Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
2009-04-23 00:00:00
Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
2009-04-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft ISA Server Cross-Site Scripting (XSS) Vulnerability (MS09-016)
2009-04-14 00:00:00
Workaround for Microsoft ISA Server TCP State Limited Denial of Service Vulnerability (MS09-016)
2009-04-14 00:00:00
Microsoft Web Proxy TCP State Limited Denial of Service (MS09-016; CVE-2009-0077)
2012-07-23 00:00:00
seebug
seebug
Microsoft ISA Server和Forefront TMG跨站脚本漏洞(MS09-016)
2009-04-16 00:00:00
Microsoft ISA Server和Forefront TMG拒绝服务漏洞(MS09-016)
2009-04-16 00:00:00
cve
cve
CVE-2009-0237
2009-04-15 08:00:00
CVE-2009-0077
2009-04-15 08:00:00
prion
prion
Cross site scripting
2009-04-15 08:00:00
Denial of service
2009-04-15 08:00:00
JSON
Related for SMB_NT_MS09-016.NASL
securityvulns2openvas2checkpoint_advisories3seebug2cve2prion2