Domain-name issue could aid eavesdroppers
Published: 2007-12-05

Microsoft warned companies on Monday that a flaw in the way Windows searches for Web proxies could allow an attacker to reroute traffic through a malicious server.

The security issue occurs when a Windows computer attempts to find a proxy server using Microsoft's Web Proxy Automatic Discovery (WPAD) technology and the organization's domain name starts at the third level or deeper, such as somecompany.co.jp, the software giant stated in an advisory. The WPAD search first attempts to find the server using the fully-qualified domain name (FQDN) and, if it doesn't find the server, tries the next higher level of the domain name. For example, a search for a proxy server in somecompany.co.jp will look for servername.somecompany.co.jp and then move on to servername.co.jp, which could be a malicious server outside the company's network.

"At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue," Tim Rains, a spokesman for the Microsoft Security Response Center, said on the team's blog. "The advisory contains several mitigations that customers can use to help protect themselves from attackers."

Successfully exploiting the vulnerability would reroute a Windows computer's Web traffic through the malicious proxy server, allowing man-in-the-middle attacks and eavesdropping.

Microsoft has had to deal with a handful of vulnerabilities in recent months caused by the Windows software that handles domain names. In April, the software giant closed a buffer overflow in the remote procedure call functionality of its Domain Name Server for Windows 2000 and Windows 2003. The company is also one of the browser makers searching for a solution to the issue of DNS rebinding, which could be used by an attacker to gain access to resources on a Web surfer's network.

Because international domain names frequently assign both the top-level domain and the second-level domain, such as co.jp, to segments of users, the vulnerability primarily threatens non-U.S. organizations. Microsoft acknowledged white-hat hacker Beau Butler, who presented details of the issue at Kiwicon in New Zealand last month.
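The search order described above, and the reason it mostly affects domains under suffixes such as co.jp, as an added Python example that is not code from Microsoft's advisory or from the original article: it lists the names a client would try and marks any that fall outside the organization's registrable domain. The `wpad` host label default, the client names, and the short public-suffix set are assumptions constructed for illustration.

```python
# Constructed sample of public suffixes; a real audit would load the full
# Public Suffix List instead of this short illustrative set.
PUBLIC_SUFFIXES = {"com", "jp", "co.jp", "nz", "co.nz", "uk", "co.uk"}


def devolution_candidates(client_fqdn, host_label="wpad"):
    """Names tried as the search walks up the client's domain, per the article.

    Starts at the client's own domain and strips the leftmost label each
    time, stopping once only two labels of the domain remain.
    """
    labels = client_fqdn.lower().rstrip(".").split(".")[1:]  # drop host name
    names = []
    while len(labels) >= 2:
        names.append(host_label + "." + ".".join(labels))
        labels = labels[1:]
    return names


def org_boundary(fqdn, suffixes=PUBLIC_SUFFIXES):
    """Registrable domain: the longest matching public suffix plus one label."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:])
    raise ValueError("no known public suffix in " + fqdn)


def audit(client_fqdn, host_label="wpad"):
    """Return (candidate, stays_inside_org) for each name the client would try."""
    boundary = org_boundary(client_fqdn)
    return [(name, name.endswith("." + boundary))
            for name in devolution_candidates(client_fqdn, host_label)]


if __name__ == "__main__":
    # Constructed client names: one under co.jp, one under a plain .com.
    for client in ("pc7.tokyo.somecompany.co.jp", "pc7.tokyo.somecompany.com"):
        for name, inside in audit(client):
            print(("ok      " if inside else "OUTSIDE ") + name)
```

Any candidate marked OUTSIDE is a name the organization does not control and is worth checking against resolver logs and the advisory's mitigations.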

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos