正文

Microsoft NNTP XPAT命令远程缓冲区错误漏洞(MS04-036)

admin
admin V管理员 /0 评论 /8 阅读
1231
此篇文章发布距今已超过1282天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Microsoft NNTP XPAT命令远程缓冲区错误漏洞(MS04-036)

  • CNNVD编号:CNNVD-200411-018
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2004-0574
  • 漏洞类型: 缓冲区错误
  • 发布时间: 2004-10-12
  • 威胁类型: 远程
  • 更新时间: 2020-04-10
  • 厂        商: microsoft
  • 漏洞来源: Lucas Lavarello J...

漏洞简介

Microsoft NNTP组件是用于对新闻组服务器支持。Microsoft NNTP服务器对XPAT命令处理缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞以进程权限在系统上执行任意指令。XPAT命令用于接收指定文章中的特殊头字段信息,命令格式如下:XPAT header range|<message-id> pat [pat...]问题存在于XPAT处理用户提供的ASCII值并转换为2字节字符存放到缓冲区中。NNTP服务分配4000字节缓冲区用于存储转换XPAT查询的2字节字符格式,它使用初始化设置为\'\'2000\'\'值的全局计数器跟踪缓冲区还剩下多少字节,由于对变量的比较缺少正确处理,可导致产生基于off-by-two的堆溢出,精心构建提交数据可能以进程权限在系统上执行任意指令。

漏洞公告

厂商补丁:

Microsoft

---------

Microsoft已经为此发布了一个安全公告(MS04-036)以及相应补丁:

MS04-036:Vulnerability in NNTP Could Allow Remote Code Execution (883935)

链接:

http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx" target="_blank">

http://www.microsoft.com/technet/security/bulletin/MS04-036.mspx

补丁下载:

Microsoft Windows NT Server 4.0 Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=0126B7AC-9C78-45C5-8AC7-E0E8CA4B6DEE" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=0126B7AC-9C78-45C5-8AC7-E0E8CA4B6DEE

Microsoft Windows 2000 Server Service Pack 3 and Microsoft Windows 2000 Server Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=54A86560-4A0C-4E2F-A137-D8EE905A674A" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=54A86560-4A0C-4E2F-A137-D8EE905A674A

Microsoft Windows Server? 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=DCB1CB73-A426-40D8-BD14-B458C7915815" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=DCB1CB73-A426-40D8-BD14-B458C7915815

Microsoft Windows Server 2003 64-Bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=1A8C4D7A-2F85-4CDD-8CC9-E2E1817403DF" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=1A8C4D7A-2F85-4CDD-8CC9-E2E1817403DF

参考网址

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/203126

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/17641

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/17661

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=109761632831563&w=2

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A246

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5926

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5070

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5021

来源:MISC

链接:http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4392

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-036

来源:CIAC

链接:http://www.ciac.org/ciac/bulletins/p-012.shtml

受影响实体

  • Microsoft Windows_nt:4.0:Server  
    <!--
    2000-1-1
    -->
  • Microsoft Windows_2003_server:R2  
    <!--
    2000-1-1
    -->
  • Microsoft Exchange_server:2003  
    <!--
    2000-1-1
    -->
  • Microsoft Windows_2000:Server  
    <!--
    2000-1-1
    -->
  • Microsoft Exchange_server:2000  
    <!--
    2000-1-1
    -->

补丁

  • Microsoft NNTP XPAT命令远程缓冲区错误漏洞(MS04-036)的修复措施
    <!--
    2004-10-12
    -->