精华区文章阅读

发信人: joyfree (闭关修行-烦着呢，别理我), 信区: Software
标  题: 斑竹深受其害，推荐文章RPC漏洞一篇
发信站: 哈工大紫丁香 (2003年08月12日00:49:17 星期二), 站内信件

Microsoft Windows DCOM RPC 界面缓冲区溢位漏洞
危险程度
高
发现日期
07-16-2003
说明
Microsoft Windows 的一个缓冲区溢位漏洞据称可以被在 TCP/UDP 端口135监听的DCOM
RPC 接口远程探测利用。问题源于对客户DCOM 对象激活请求的不充分范围检查。利用
该漏洞可以以本机计算机权限在受感染的计算机上执行恶意操作。
其它RPC Endpoint Mapper 监听的埠比如 TCP139、135、445 和593埠也可能存在类似问
题，这一点尚未被证实。在一些设置下Endpoint Mapper 在 80 端口接收通讯流量。
更新
7-31-2003：尽管在过去五天活动量激增，大部分的扫描活动局限于较小数目的被控端计
算机。现在还没有证据表明存在成功利用此漏洞的计算机病虫。自从几个星期前该漏洞
宣布以来，尽管该埠上的活动级别持续上升，拥有较强筛选服务和经常检查修补程序的
机构还是相对安全的。
Enterprise Security Manager
赛门铁克已经针对这个漏洞发布了Enterprise Security Manager 应变政策。阅读请按
此处。
Norton Internet Security / Norton Internet Security Professional
赛门铁克已经通过 LiveUpdate 为这些产品发布了针对这个漏洞的更新程序。请产品用
户执刑 LiveUpdate 来获取针对此威胁的防护。
Symantec Client Firewall
赛门铁克已经发布了能够探测利用该漏洞入侵的企图的更新程序。请产品用户执刑 Liv
eUpdate 来获取针对此威胁的防护。
Symantec Gateway Security
赛门铁克已经通过 LiveUpdate 为产品发布了探测此漏洞的更新程序。请产品用户执刑
LiveUpdate 来获取针对此威胁的防护。
Symantec ManHunt 3.0
赛门铁克已经通过 LiveUpdate 为 Symantec ManHunt 3.0 用户发布了更新程序。请按
下此处阅读更多讯息。
Symantec Vulnerability Assessment
赛门铁克漏洞评估探测并报告这个漏洞。按下此处阅读更多讯息。
受影响的组件
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
建议
除非是外部服务要求，否则请在网络边界拦截外部存取。向TCP 135 端口发出恶意通讯
的被控端计算机会试图利用这个漏洞。对该埠的外部存取的筛选应该通过网络外围设备
进行。只对可信赖的或内部被控端计算机开放存取。
实施多冗余安全层。
应当实施多个不同的网络访问控制层，用以限制一层故障所造成的影响，并且保护网络
设备免受恶意方所进行的攻击。应当部署茸余网络设备，用以减轻影响网络资源可用性
的攻击所造成的不良后果。
Microsoft 已经针对此发布了修补程序：
Microsoft Windows 2000 Advanced Server SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
Microsoft Windows 2000 Advanced Server SP1:
Microsoft Windows 2000 Advanced Server :
Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Windows 2000 Datacenter Server SP3:
Microsoft Windows 2000 Datacenter Server SP2:
Microsoft Windows 2000 Datacenter Server SP1:
Microsoft Windows 2000 Datacenter Server :
Microsoft Windows 2000 Professional SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP2:
Microsoft Windows 2000 Professional SP1:
Microsoft Windows 2000 Professional :
Microsoft Windows 2000 Server SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
Microsoft Windows 2000 Server SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F
-220354449117&displaylang=en
Microsoft Windows 2000 Server SP2:
Microsoft Windows 2000 Server :
Microsoft Windows NT Enterprise Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF
-DF77A0B9303F&displaylang=en
Microsoft Windows NT Enterprise Server 4.0:
Microsoft Windows NT Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF
-DF77A0B9303F&displaylang=en
Microsoft Windows NT Server 4.0 SP6:
Microsoft Windows NT Server 4.0 SP5:
Microsoft Windows NT Server 4.0 SP4:
Microsoft Windows NT Server 4.0 SP3:
Microsoft Windows NT Server 4.0 SP2:
Microsoft Windows NT Server 4.0 SP1:
Microsoft Windows NT Server 4.0:
Microsoft Windows NT Terminal Server 4.0 SP6a:
Microsoft Windows NT Terminal Server 4.0 SP6:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=6C0F0160-64FA-424C-A3C1
-C9FAD2DC65CA&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP5:
Microsoft Windows NT Terminal Server 4.0 SP4:
Microsoft Windows NT Terminal Server 4.0 SP3:
Microsoft Windows NT Terminal Server 4.0 SP2:
Microsoft Windows NT Terminal Server 4.0 SP1:
Microsoft Windows NT Terminal Server 4.0:
Microsoft Windows NT Workstation 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF
-DF77A0B9303F&displaylang=en
Microsoft Windows NT Workstation 4.0 SP6:
Microsoft Windows NT Workstation 4.0 SP5:
Microsoft Windows NT Workstation 4.0 SP4:
Microsoft Windows NT Workstation 4.0 SP3:
Microsoft Windows NT Workstation 4.0 SP2:
Microsoft Windows NT Workstation 4.0 SP1:
Microsoft Windows NT Workstation 4.0:
Microsoft Windows Server 2003 Datacenter Edition :
Microsoft Windows Server 2003 Datacenter Edition 64-bit :
Microsoft Windows Server 2003 Enterprise Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009
-3A212458E92E&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition 64-bit :
Microsoft Patch WindowsServer2003-KB823980-ia64-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2B566973-C3F0-4EC1-995F
-017E35692BC7&displaylang=en
Microsoft Windows Server 2003 Standard Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009
-3A212458E92E&displaylang=en
Microsoft Windows Server 2003 Web Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009
-3A212458E92E&displaylang=en
Microsoft Windows XP 64-bit Edition SP1:
Microsoft Patch WindowsXP-KB823980-ia64-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=1B00F5DF-4A85-488F-80E3
-C347ADCC4DF1&displaylang=en
Microsoft Windows XP 64-bit Edition :
Microsoft Windows XP Home SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532
-3DE40F69C074&displaylang=en
Microsoft Windows XP Home :
Microsoft Windows XP Professional SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532
-3DE40F69C074&displaylang=en
Microsoft Windows XP Professional :
参考
来源： Microsoft Security Bulletin MS03-026
URL: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secu
rity/bulletin/MS03-026.asp
感謝
The Last Stage of Delirium Research Group 发现了此漏洞。

--
如果C#有用的话，还要JAVA干什么？          | Browser就是未来的桌面
曾经是C++的奴隶，                          | JAVA VM就是未来的OS
直到有一天JAVA的到来，彻底的改变了我的生活 | APPLET就是未来的程序
JAVA:我选择，我喜欢。                       |硬盘速度能超过Ethernet么?
（想学好JAVA，建议参看我的说明档）         |你还在等待什么？

※ 来源:·哈工大紫丁香 bbs.hit.edu.cn·[FROM: 202.118.224.14]

Software 版 (精华区)