MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote host contains an application that is affected by a
privilege escalation vulnerability.

Description :

The version of Microsoft Internet Security and Acceleration (ISA)
Server 2006 installed on the remote host may allow an unauthenticated
attacker with knowledge of administrator account usernames to gain
access to published resources in the context of such a user without
having to authenticate with the ISA server.

Note that successful exploitation of this issue requires that ISA be
configured for Radius One Time Password (OTP) authentication and
authentication delegation with Kerberos Constrained Delegation.

See also :

Solution :

Microsoft has released a set of patches for ISA Server 2006.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 39794 ()

Bugtraq ID: 35631

CVE ID: CVE-2009-1135

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial