Microsoft WINS Memory Overwrite Arbitrary Code Execution Vulnerability

Published: 2004-11-27
Updated: 2004-11-29

Affected systems:
Microsoft Windows NT 4.0 Server
Microsoft Windows 2003 Web Edition
Microsoft Windows 2003 Standard Edition
Microsoft Windows 2003 Enterprise Edition
Microsoft Windows 2003 Datacenter Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Unaffected systems:
Microsoft Windows XP
Microsoft Windows 2000 Professional
Description:
BUGTRAQ  ID: 11763
CVE(CAN) ID: CVE-2004-1080

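WINS is the Microsoft NetBIOS name service, which resolves NetBIOS computer names to IP addresses.

Wins.exe does not correctly handle specially crafted WINS packets. A remote attacker can exploit this vulnerability to execute arbitrary code on the system with the privileges of the process.

WINS has a feature called WINS replication, which one or more WINS servers use to exchange information about the computers on their networks. WINS replication is carried out over TCP port 42 using a proprietary Microsoft protocol. During this protocol exchange, a memory pointer is sent from the server to the client, and the client uses it to conduct its session with the server. If a specially crafted WINS packet is sent to the server, the attacker can control the pointer, point it at a server controlled by the attacker, and ultimately write 16 bytes to any address. Carefully constructed data may allow arbitrary code to be executed on the system with the privileges of the process.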

<*Source: Nicolas Waisman (nicolas.waisman@immunitysec.com)
  
  Links: http://www.immunitysec.com/downloads/instantanea.pdf
         http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx
*>

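Recommendation:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:

* Block access to internal TCP port 42 and UDP port 137 at perimeter network devices.

* Remove WINS if it is not needed:
    In Control Panel, open "Add or Remove Programs".
    Click "Add/Remove Windows Components".
    On the "Windows Components Wizard" page, under "Components", select "Networking Services", then click "Details".
    Clear the "Windows Internet Name Service (WINS)" check box to remove the component.
    Follow the instructions in the Windows Components Wizard to complete the remaining steps.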
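
To confirm that the port block above is actually in effect, the following added example (not part of the original advisory) audits flow records for allowed traffic to TCP 42 and UDP 137 on internal hosts. It goes one step beyond the workaround by also flagging TCP 42 connections from internal hosts that are not approved replication partners. The internal network, the partner list and the log layout are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): internal address space, the approved
# WINS replication partners, and the "proto src dst dport action" log layout.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
REPLICATION_PARTNERS = {ipaddress.ip_address("10.1.0.5"),
                        ipaddress.ip_address("10.2.0.5")}
WINS_PORTS = {("tcp", 42), ("udp", 137)}  # ports named in the workaround

# Constructed sample flow records; external addresses use documentation ranges.
SAMPLE_LOG = """\
tcp 10.1.0.5 10.2.0.5 42 allow
tcp 10.3.7.21 10.2.0.5 42 allow
tcp 203.0.113.9 10.2.0.5 42 allow
udp 198.51.100.4 10.1.0.5 137 deny
udp 10.3.7.21 10.1.0.5 137 allow
tcp 203.0.113.9 10.2.0.5 443 allow
garbage line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def audit(log_text):
    """Return (line_no, reason) for flows that contradict the workaround."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            proto, src, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            # Wrong field count, bad address or bad port: surface it, do not skip.
            findings.append((n, "unparseable record"))
            continue
        if (proto.lower(), dport) not in WINS_PORTS or not is_internal(dst):
            continue  # not WINS traffic towards an internal host
        if action.lower() != "allow":
            continue  # already blocked at the perimeter
        if not is_internal(src):
            findings.append((n, "external source allowed to WINS port"))
        elif proto.lower() == "tcp" and src not in REPLICATION_PARTNERS:
            findings.append((n, "TCP 42 from non-partner internal host"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_LOG):
        print(line_no, reason)
```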

Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS04-045) and corresponding patches for this issue:
MS04-045: Vulnerability in WINS Could Allow Remote Code Execution (870763)
Link: http://www.microsoft.com/technet/security/bulletin/MS04-045.mspx

Patch downloads:

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Upgrade Security Update for Windows Server 2003 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=10836F38-A38B-47D5-B87B-18D8E26EEFAA&displaylang=en


Microsoft Windows 2000 Advanced Server SP4

Microsoft Upgrade Security Update for Windows 2000 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=40146B52-5546-489E-857E-01FE1EF709B2&displaylang=en


Microsoft Windows Server 2003 Enterprise Edition

Microsoft Upgrade Security Update for Windows Server 2003 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=10836F38-A38B-47D5-B87B-18D8E26EEFAA&displaylang=en


Microsoft Windows Server 2003 Web Edition

Microsoft Upgrade Security Update for Windows Server 2003 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=10836F38-A38B-47D5-B87B-18D8E26EEFAA&displaylang=en


Microsoft Windows 2000 Advanced Server SP3

Microsoft Upgrade Security Update for Windows 2000 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=40146B52-5546-489E-857E-01FE1EF709B2&displaylang=en


Microsoft Windows Server 2003 Enterprise Edition 64-bit

Microsoft Upgrade Security Update for Windows Server 2003 64-bit Edition (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=06CF9E85-C66D-4A7D-B2EB-99DE9423B60F&displaylang=en


Microsoft Windows 2000 Server SP3

Microsoft Upgrade Security Update for Windows 2000 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=40146B52-5546-489E-857E-01FE1EF709B2&displaylang=en


Microsoft Windows Server 2003 Standard Edition

Microsoft Upgrade Security Update for Windows Server 2003 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=10836F38-A38B-47D5-B87B-18D8E26EEFAA&displaylang=en


Microsoft Windows 2000 Server SP4

Microsoft Upgrade Security Update for Windows 2000 (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=40146B52-5546-489E-857E-01FE1EF709B2&displaylang=en


Microsoft Windows Server 2003 Datacenter Edition 64-bit

Microsoft Upgrade Security Update for Windows Server 2003 64-bit Edition (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=06CF9E85-C66D-4A7D-B2EB-99DE9423B60F&displaylang=en


Microsoft Windows NT Server 4.0 SP6a

Microsoft Upgrade Security Update for Windows NT (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=38E9DB8C-5C43-4E9A-9DC9-97C2686A45F1&displaylang=en


Microsoft Windows NT Terminal Server 4.0 SP6

Microsoft Upgrade Security Update for Windows NT Server 4.0, Terminal Server Edition (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=D7AB3F6F-26FE-4AE8-A07A-481D772D03A6&displaylang=en


Microsoft Windows NT Enterprise Server 4.0 SP6a

Microsoft Upgrade Security Update for Windows NT (KB870763)
http://www.microsoft.com/downloads/details.aspx?familyid=38E9DB8C-5C43-4E9A-9DC9-97C2686A45F1&displaylang=en

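This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.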