CVE-2002-0869
CVSS7.5
发布时间 :2002-11-12 00:00:00
修订时间 :2016-10-17 22:22:50
NMCOS    

[原文]Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."


[CNNVD]Microsoft IIS进程外运行应用进程可导致权限提升漏洞(MS02-062)(CNNVD-200211-016)

        
        Microsoft IIS是一款由微软公司开发的HTTP服务程序。
        Microsoft IIS服务程序对于进程外运行的应用进程的权限处理上存在漏洞,攻击者可能利用这个漏洞进行权限提升攻击。
        默认设置hosting进程(dllhost.exe)一般以IWAM_computername帐户的安全上下文运行,在某些情况下hosting进程可能象IIS ISAPI扩展一样以LocalSystem权限执行应用程序。
        不过只有已经能够在受影响的web server中上载和执行应用程序的攻击者才能利用本漏洞。正常安全实践不建议允许不可信用户在服务器中上载应用程序,即使可信用户的应用程序也须在上载前进行仔细检查。
        <*链接:http://www.microsoft.com/technet/security/bulletin/MS02-062.asp
        *>

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:internet_information_server:5.1Microsoft IIS 5.1
cpe:/a:microsoft:internet_information_server:5.0
cpe:/a:microsoft:internet_information_server:4.0Microsoft IIS 4.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:983Windows XP IIS Out of Process Privilege Elevation Vulnerability
oval:org.mitre.oval:def:930Windows 2000 IIS Out of Process Privilege Elevation Vulnerability
oval:org.mitre.oval:def:929Windows NT IIS Out of Process Privilege Elevation Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0869
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0869
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-016
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
(UNKNOWN)  VULNWATCH  20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
http://marc.info/?l=bugtraq&m=103642839205574&w=2
(UNKNOWN)  BUGTRAQ  20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
http://www.ciac.org/ciac/bulletins/n-011.shtml
(UNKNOWN)  CIAC  N-011
http://www.iss.net/security_center/static/10502.php
(VENDOR_ADVISORY)  XF  iis-outofprocess-privilege-elevation(10502)
http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
(UNKNOWN)  MISC  http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
(VENDOR_ADVISORY)  MS  MS02-062

- 漏洞信息

Microsoft IIS进程外运行应用进程可导致权限提升漏洞(MS02-062)
高危 其他
2002-11-12 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft IIS是一款由微软公司开发的HTTP服务程序。
        Microsoft IIS服务程序对于进程外运行的应用进程的权限处理上存在漏洞,攻击者可能利用这个漏洞进行权限提升攻击。
        默认设置hosting进程(dllhost.exe)一般以IWAM_computername帐户的安全上下文运行,在某些情况下hosting进程可能象IIS ISAPI扩展一样以LocalSystem权限执行应用程序。
        不过只有已经能够在受影响的web server中上载和执行应用程序的攻击者才能利用本漏洞。正常安全实践不建议允许不可信用户在服务器中上载应用程序,即使可信用户的应用程序也须在上载前进行仔细检查。
        <*链接:http://www.microsoft.com/technet/security/bulletin/MS02-062.asp
        *>

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS02-062)以及相应补丁:
        MS02-062:Cumulative Patch for Internet Information Service (Q327696)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS02-062.asp

        补丁下载:
         * IIS 4.0:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43566

         * IIS 5.0:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43296

         * IIS 5.1:
         32-bit:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43578

         64-bit:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43602

- 漏洞信息

771
Microsoft IIS Hosting Process (dllhost.exe) Out of Process Application Unspecified Privilege Escalation

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-11-04 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft IIS Out Of Process Privilege Escalation Vulnerability
Origin Validation Error 6069
Yes No
2002-10-31 12:00:00 2009-07-11 06:06:00
Discovery of this vulnerability credited to Li0n of A3 Security Consulting Co., Ltd. ( http://www.a3sc.co.kr).

- 受影响的程序版本

Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
Microsoft IIS 4.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 1.0
+ Cisco Call Manager 1.0
+ Cisco ICS 7750
+ Cisco ICS 7750
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.0
+ Cisco Unity Server 2.0
+ Cisco uOne 4.0
+ Cisco uOne 4.0
+ Cisco uOne 3.0
+ Cisco uOne 3.0
+ Cisco uOne 2.0
+ Cisco uOne 2.0
+ Cisco uOne 1.0
+ Cisco uOne 1.0
+ Hancom Hancom Office 2007 0
+ Hancom Hancom Office 2007 0
+ Microsoft BackOffice 4.5
+ Microsoft BackOffice 4.5
+ Microsoft Windows NT 4.0 Option Pack
+ Microsoft Windows NT 4.0 Option Pack

- 漏洞讨论

A vulnerability has been reported for Microsoft IIS that may allow an attacker to obtain elevated privileges. This vulnerability can be exploited by an attacker to load and execute applications on the vulnerable server with SYSTEM level privileges. This vulnerability can exploited when IIS is configured to run applications out of process by modifying the memory space of the dllhost.exe process.

This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

The following patches are available:


Microsoft IIS 5.1

Microsoft IIS 4.0

Microsoft IIS 5.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站