首页 -> 安全研究

安全研究

安全漏洞
Microsoft Windows SMB签名组策略修改漏洞(MS02-070)

发布日期:2002-12-11
更新日期:2002-12-17

受影响系统:
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows 2000SP3
Microsoft Windows 2000SP2
Microsoft Windows 2000SP1
Microsoft Windows 2000
不受影响系统:
Microsoft Windows XP Professional SP1
Microsoft Windows XP Home SP1
描述:
BUGTRAQ  ID: 6367
CVE(CAN) ID: CVE-2002-1256

Server Message Block (SMB)协议在所有Windows版本中支持,虽然名义上是文件共享协议,但它可用于其他用途,重要的一条是可以从域控制器传播组策略给新登录的系统。在Windows 2000系统开始,通过在会话中对所有包数字签名来提供SMB会话的完整性。Windows 2000和XP可以配置成总是使用签名或如果只在第三方需要时签名。

Windows 2000和XP系统中的SMB签名实现存在缺陷,远程攻击者可以利用这个漏洞在没有任何提示的情况下降低SMB签名设置,进行更改SMB会话数据等非法操作。

要利用这个漏洞,攻击者需要能够访问在客户端和服务器端交换的会话协商数据,并进行修改。这样可以导致即使管理员设置了签名策略,系统双方会发送未签名数据,在降低签名设置后,攻击者可以继续监听听会话和更改数据;缺少签名可以防止通信更改被检测到。

虽然这个漏洞一般只能干预,篡改任意SMB会话,但是严重的情况是更改从域控制器传播给新登录系统的组策略信息,这样可以导致攻击者进行增加用户到本地管理员组或者执行任意系统代码等非法操作。

<*来源:Microsoft Security Bulletin
  
  链接:http://www.microsoft.com/technet/security/bulletin/MS02-070.asp
*>

建议:
厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS02-070)以及相应补丁:
MS02-070:Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)
链接:http://www.microsoft.com/technet/security/bulletin/MS02-070.asp

Windows XP service pack 1已经修复了该漏洞。其它系统的补丁从如下地址下载:

Microsoft Windows 2000 Professional SP3:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Server SP3:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Terminal Services SP3:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Datacenter Server SP3:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Datacenter Server SP2:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Professional SP2:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Server SP2:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en
Microsoft Windows 2000 Terminal Services SP2:
      Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja
      Microsoft Windows 2000 Japanese NEC
      Microsoft Patch Q329170_W2K_SP4_X86_EN.exe
      http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en

浏览次数:3743
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客