CVE-2002-0366
CVSS 7.2
Published: 2002-07-03 00:00:00
Last revised: 2008-09-05 16:27:50

[Original] Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.


[CNNVD] Microsoft Windows 2000 Remote Access Service Local Buffer Overflow Vulnerability (MS02-029) (CNNVD-200207-033)

        
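        Microsoft Windows includes the Remote Access Service (RAS), which allows a computer to access remote networks over dial-up connections.
        The RAS implementation in Microsoft Windows contains a vulnerability that allows a local attacker to carry out a buffer overflow attack.
        The rasphone.pbk file of the Microsoft Windows RAS service stores dial-up properties such as the number to dial and the security and network settings used to connect to a remote network. The RAS implementation has a buffer overflow vulnerability in the way it parses entries in the rasphone.pbk file, which allows a local attacker to overflow the buffer with a specially crafted overlong entry and execute arbitrary instructions on the target system with SYSTEM privileges.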
        

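- CVSS (Base score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]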

- CPE (Affected platforms and products)

cpe:/o:microsoft:windows_nt:4.0::terminal_server
cpe:/o:microsoft:windows_nt:4.0:sp1:server  Microsoft Windows 4.0 sp1 server
cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server
cpe:/o:microsoft:windows_2000::sp1:datacenter_server  Microsoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_nt:4.0::server
cpe:/o:microsoft:windows_nt:4.0:sp5:workstation  Microsoft Windows 4.0 sp5 workstation
cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:workstation  Microsoft Windows 4.0 sp3 workstation
cpe:/o:microsoft:windows_xp::gold:professional  Microsoft Windows XP Professional Gold
cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP6a
cpe:/o:microsoft:windows_nt:4.0::enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation  Microsoft Windows 4.0 sp6a workstation
cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server
cpe:/o:microsoft:windows_2000::sp2:advanced_server  Microsoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2000::sp2:professional  Microsoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_nt:4.0:sp1:workstation  Microsoft Windows 4.0 sp1 workstation
cpe:/o:microsoft:windows_nt:4.0:sp2:workstation  Microsoft Windows 4.0 sp2 workstation
cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp4:workstation  Microsoft Windows 4.0 sp4 workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server
cpe:/o:microsoft:windows_2000:::professional
cpe:/o:microsoft:windows_nt:4.0:sp6a:server  Microsoft Windows 4.0 sp6a server
cpe:/o:microsoft:windows_2000::sp1:professional  Microsoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP6
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_2000::sp1:server  Microsoft Windows 2000 Server SP1
cpe:/o:microsoft:windows_nt:4.0:sp2:server  Microsoft Windows 4.0 sp2 server
cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server
cpe:/o:microsoft:windows_nt:4.0:sp3:server  Microsoft Windows 4.0 sp3 server
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP4
cpe:/o:microsoft:windows_2000::sp2:datacenter_server  Microsoft Windows 2000 Datacenter Server SP2
cpe:/o:microsoft:windows_2000:::server
cpe:/o:microsoft:windows_nt:4.0:sp5:server  Microsoft Windows 4.0 sp5 server
cpe:/o:microsoft:windows_2000::sp1:advanced_server  Microsoft Windows 2000 Advanced Server SP1
cpe:/o:microsoft:windows_nt:4.0::workstation
cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP5
cpe:/o:microsoft:windows_nt:4.0:sp6:server  Microsoft Windows 4.0 sp6 server
cpe:/o:microsoft:windows_2000::sp2:server  Microsoft Windows 2000 Server SP2
cpe:/o:microsoft:windows_nt:4.0:sp6:workstation  Microsoft Windows 4.0 sp6 workstation
cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP1
cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP2
cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server  Microsoft Windows NT Terminal Server 4.0 SP3
cpe:/o:microsoft:windows_nt:4.0:sp4:server  Microsoft Windows 4.0 sp4 server

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:63  Windows 2000 Remote Access Service Phonebook Buffer Overflow
oval:org.mitre.oval:def:61  Windows NT Remote Access Service Phonebook Buffer Overflow
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0366
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0366
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-033
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/4852
(VENDOR_ADVISORY)  BID  4852
http://www.microsoft.com/technet/security/bulletin/MS02-029.asp
(VENDOR_ADVISORY)  MS  MS02-029
http://www.nextgenss.com/vna/ms-ras.txt
(VENDOR_ADVISORY)  MISC  http://www.nextgenss.com/vna/ms-ras.txt
http://online.securityfocus.com/archive/1/278145
(UNKNOWN)  BUGTRAQ  20020620 VPN and Q318138
http://online.securityfocus.com/archive/1/276776
(UNKNOWN)  BUGTRAQ  20020613 Microsoft RASAPI32.DLL

- Vulnerability information

Microsoft Windows 2000 Remote Access Service Local Buffer Overflow Vulnerability (MS02-029)
High risk  Unknown
2002-07-03 00:00:00  2005-05-02 00:00:00
Local
        
        

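- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Set correct permissions on the rasphone.pbk file so that low-privileged users cannot edit it.
        Vendor patch:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS02-029) and a corresponding patch for this issue:
        MS02-029: Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS02-029.asp

        Patch downloads: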
         * Microsoft Windows NT 4.0:
        
        http://www.microsoft.com/ntserver/nts/downloads/security/q318138/default.asp

         * Microsoft Windows NT 4.0 running RRAS (English Only):
        
        http://www.microsoft.com/ntserver/nts/downloads/security/q318138/default.asp

         * Microsoft Windows NT 4.0 Terminal Server Edition:
        
        http://www.microsoft.com/ntserver/terminalserver/downloads/security/q318138/default.asp

         * Microsoft Windows NT 4.0 Terminal Server Edition running RRAS (English Only):
        
        http://www.microsoft.com/ntserver/terminalserver/downloads/security/q318138/default.asp

         * Microsoft Windows 2000:
        
        http://www.microsoft.com/windows2000/downloads/security/q318138/default.asp

         * Microsoft Windows XP:
        
        http://www.microsoft.com/downloads/release.asp?ReleaseID=38833

         * Microsoft Windows XP 64-bit Edition:
        
        http://www.microsoft.com/downloads/release.asp?ReleaseID=39011

- Vulnerability information

837
Microsoft Windows RAS Phonebook dial-up String Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-06-13 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
