CVE-2002-0224
CVSS5.0
发布时间 :2002-05-16 00:00:00
修订时间 :2008-09-10 20:00:44
NMCOS    

[原文]The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.


[CNNVD]Microsoft MSDTC服务拒绝服务攻击漏洞(MS02-018)(CNNVD-200205-013)

        
        Microsoft分布式处理协调服务(Distributed Transaction Service Coordinator)用于协调一个集群环境的分布式处理任务。它默认安装在Windows 2000高级服务器和数据中心服务器上,一起安装还有Microsoft SQL Server 6.5及更高版本。
        MSDTC实现上存在漏洞,可以使远程攻击者对服务器程序实施拒绝服务攻击。
        向MSDTC服务的3372端口发送1024个字节的随机数据可能会导致服务进程崩溃。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_2000::sp1:professionalMicrosoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_2000::sp1:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_2000::sp1:serverMicrosoft Windows 2000 Server SP1
cpe:/a:microsoft:sql_server:2000:sp2Microsoft SQLServer 2000 Service Pack 2
cpe:/o:microsoft:windows_2000::sp2:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP2
cpe:/a:microsoft:sql_server:7.0:sp2Microsoft SQL Server 7.0 Service Pack 2
cpe:/a:microsoft:sql_server:7.0:sp3Microsoft SQL Server 7.0 Service Pack 3
cpe:/o:microsoft:windows_2000::sp2:advanced_serverMicrosoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2000:::server
cpe:/o:microsoft:windows_2000::sp1:advanced_serverMicrosoft Windows 2000 Advanced Server SP1
cpe:/a:microsoft:sql_server:2000:sp1Microsoft SQLServer 2000 Service Pack 1
cpe:/o:microsoft:windows_2000::sp2:professionalMicrosoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_2000::sp2:serverMicrosoft Windows 2000 Server SP2
cpe:/a:microsoft:sql_server:6.5Microsoft SQLServer 6.5
cpe:/o:microsoft:windows_2000:::professional
cpe:/a:microsoft:sql_server:7.0:sp1Microsoft SQL Server 7.0 Service Pack 1
cpe:/a:microsoft:internet_information_server:5.0
cpe:/a:microsoft:sql_server:2000Microsoft SQL Server 2000
cpe:/a:microsoft:sql_server:7.0Microsoft SQLServer 7.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0224
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0224
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-013
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/4006
(UNKNOWN)  BID  4006
http://www.iss.net/security_center/static/8046.php
(UNKNOWN)  XF  msdtc-default-port-dos(8046)
http://online.securityfocus.com/archive/1/268593
(VENDOR_ADVISORY)  BUGTRAQ  20020419 KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
http://online.securityfocus.com/archive/1/253360
(VENDOR_ADVISORY)  BUGTRAQ  20020131 msdtc on 3372

- 漏洞信息

Microsoft MSDTC服务拒绝服务攻击漏洞(MS02-018)
中危 其他
2002-05-16 00:00:00 2006-09-01 00:00:00
远程  
        
        Microsoft分布式处理协调服务(Distributed Transaction Service Coordinator)用于协调一个集群环境的分布式处理任务。它默认安装在Windows 2000高级服务器和数据中心服务器上,一起安装还有Microsoft SQL Server 6.5及更高版本。
        MSDTC实现上存在漏洞,可以使远程攻击者对服务器程序实施拒绝服务攻击。
        向MSDTC服务的3372端口发送1024个字节的随机数据可能会导致服务进程崩溃。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 对MSDTC的访问端口进行访问控制,确认只有合法的用户能够连接。
        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS02-018)以及相应补丁:
        MS02-018:Cumulative Patch for Internet Information Services (Q319733)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS02-018.asp

        补丁下载:
         * Microsoft IIS 4.0:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37931

         * Microsoft IIS 5.0:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37824

         * Microsoft IIS 5.1:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37857

- 漏洞信息

13434
Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-01-31 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft MSDTC Service Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 4006
Yes No
2002-01-31 12:00:00 2009-07-11 09:56:00
This vulnerability was reported by palante@subterrain.net.

- 受影响的程序版本

Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
Microsoft SQL Server 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0
Microsoft SQL Server 7.0 SP3 alpha
Microsoft SQL Server 7.0 SP3
- Microsoft SQL Server 7.0
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP2 alpha
Microsoft SQL Server 7.0 SP2
- Microsoft SQL Server 7.0
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP1 alpha
Microsoft SQL Server 7.0 SP1
- Microsoft SQL Server 7.0
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 alpha
Microsoft SQL Server 7.0
- Microsoft BackOffice 4.5
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft SQL Server 6.5
Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server

- 漏洞讨论

The Microsoft Distributed Transaction Service Coordinator (MSDTC) allows for ditributed transaction processing in a clustered or distributed environment. It is installed by default on Windows 2000, as well as with Microsoft SQL Server 6.5 and higher.

It has been reported that it is possible to cause this service to crash by sending 1024 bytes of random data to its listening port, by default port 3372.

Restarting the service will reportedly allow it to resume normal operation.

The existence of this vulnerability has not been confirmed by Microsoft.

* Further reports indicate that sending approximately 20200 null bytes to the service, will cause the entire system to become unresponsive.

- 漏洞利用

No exploit code is necessary for this vulnerability.

- 解决方案

A reliable source has indicated that the patches released in Microsoft Security Bulletin MS02-018 address this issue. However, this has not been confirmed, as this issue is not mentioned in the Microsoft bulletin.

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站