CVE-2002-0054
CVSS 7.5
Published: 2002-03-08 00:00:00
Last revised: 2016-10-17 22:15:35

[Original] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.


[CNNVD] Microsoft Windows SMTP Service Authentication Bypass Vulnerability (MS02-011) (CNNVD-200203-016)

        
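The IIS server on Windows systems ships with an SMTP server component.
The Windows 2000 SMTP service and the Exchange Server 5.5 Internet Mail Connector service have a flaw in how they implement authentication for sending mail, which can allow an attacker on the local network to gain unauthorized user-level access to the host.
The IIS SMTP component supports the SMTP AUTH command, including an NTLM authentication option intended to let users authenticate themselves with NTLM. However, NTLM supports null sessions, so an anonymous user may "authenticate" this way, and once that authentication completes the user is permitted to relay mail. Exchange 2000 has been confirmed not to be affected by this vulnerability.
<*Links: http://archives.neohapsis.com/archives/bugtraq/2002-02/0372.html
 http://www.microsoft.com/technet/security/bulletin/MS02-011.asp
*>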

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_2000::sp1:professional  Microsoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_2000::sp2:professional  Microsoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_2000::sp2:advanced_server  Microsoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2000::sp1:advanced_server  Microsoft Windows 2000 Advanced Server SP1
cpe:/o:microsoft:windows_2000::sp1:server  Microsoft Windows 2000 Server SP1
cpe:/o:microsoft:windows_2000:::server
cpe:/a:microsoft:exchange_server:5.5  Microsoft exchange_srv 5.5
cpe:/o:microsoft:windows_2000::sp1:datacenter_server  Microsoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_2000::sp2:datacenter_server  Microsoft Windows 2000 Datacenter Server SP2
cpe:/a:microsoft:exchange_server:5.5:sp2  Microsoft Exchange Server 5.5 Service Pack 2
cpe:/o:microsoft:windows_2000:::professional
cpe:/a:microsoft:exchange_server:5.5:sp3  Microsoft Exchange Server 5.5 Service Pack 3
cpe:/a:microsoft:exchange_server:5.5:sp1  Microsoft Exchange Server 5.5 Service Pack 1
cpe:/a:microsoft:exchange_server:5.5:sp4  Microsoft Exchange Server 5.5 Service Pack 4
cpe:/o:microsoft:windows_2000::sp2:server  Microsoft Windows 2000 Server SP2

- OVAL (technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0054
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0054
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-016
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=101501580409373&w=2
(UNKNOWN)  BUGTRAQ  20020301 IIS SMTP component allows mail relaying via Null Session
http://www.microsoft.com/technet/security/bulletin/ms02-011.asp
(VENDOR_ADVISORY)  MS  MS02-011
http://www.securityfocus.com/bid/4205
(VENDOR_ADVISORY)  BID  4205

- Vulnerability information

Microsoft Windows SMTP Service Authentication Bypass Vulnerability (MS02-011)
High risk  Unknown
2002-03-08 00:00:00 2005-08-17 00:00:00
Remote
        

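- Advisories and patches

Workarounds:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
* If you do not need to provide SMTP service, disable the service.
* Apply access control to the SMTP service port so that only legitimate users can reach it.
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS02-011) and a corresponding patch for this issue:
MS02-011: Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service
Link:
http://www.microsoft.com/technet/security/bulletin/MS02-011.asp

Patch downloads:
Microsoft Windows 2000 Server, Professional and Advanced Server:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=_36556

Exchange Server 5.5:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33423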

- Vulnerability information

10247
Microsoft Windows SMTP Service NTLM Null Session Mail Relay
Remote / Network Access Authentication Management
Impact Unknown
Exploit Public

- Vulnerability description

Windows SMTP service contains a flaw that may allow a malicious user to bypass mail relay restrictions. The issue is triggered when a user successfully authenticates to the server using NTLM authentication, which causes the server to bypass further mail relay checks. It is possible that the flaw may allow unauthorized mail relaying.

- Timeline

2004-04-08 Unknown
2004-04-08 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related references

- Vulnerability author

 

 
