CVE-2002-1117
CVSS 5.0
Published: 2002-10-04 00:00:00
Last revised: 2016-10-17 22:23:48

[Original] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.


[CNNVD] Veritas Backup Exec SAM database and share anonymous listing vulnerability (CNNVD-200210-184)

        Veritas Backup Exec 8.5 and earlier requires the "RestrictAnonymous" registry key for Microsoft Exchange 2000 to be set to 0; this allows the SAM database and shares to be listed anonymously.


- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

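- OVAL (technical details for detection)

oval:org.mitre.oval:def:1036 Veritas Backup Exec RestrictAnonymous Forced Misconfiguration Vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the related OVAL definition.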

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1117
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1117
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-184
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=103134395124579&w=2
(UNKNOWN)  BUGTRAQ  20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
http://marc.info/?l=bugtraq&m=103134930629683&w=2
(UNKNOWN)  BUGTRAQ  20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
http://seer.support.veritas.com/docs/238618.htm
(UNKNOWN)  CONFIRM  http://seer.support.veritas.com/docs/238618.htm
http://xforce.iss.net/xforce/xfdb/10093
(VENDOR_ADVISORY)  XF  veritas-backupexec-restrictanonymous-zero(10093)

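- Vulnerability information

Veritas Backup Exec SAM database and share anonymous listing vulnerability
Medium risk  Unknown
2002-10-04 00:00:00 2006-03-27 00:00:00
Remote
        Veritas Backup Exec 8.5 and earlier requires the "RestrictAnonymous" registry key for Microsoft Exchange 2000 to be set to 0; this allows the SAM database and shares to be listed anonymously.
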

- Advisories and patches

        

- Vulnerability information

8230
VERITAS Backup Exec RestrictAnonymous Requirement SAM Information Disclosure
Local Access Required, Remote / Network Access Authentication Management, Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

Veritas Backup Exec contains a flaw that may lead to an unauthorized information disclosure. The issue is based on the requirement for the "RestrictAnonymous" registry key to be set to 0, creating a loss of confidentiality and allowing anonymous listing of the SAM database and all associated shared folders and files.

- Timeline

2002-09-06 Unknown
2002-09-06 Unknown

- Solution

Upgrade to version 8.6 or higher, as it has been reported to fix this vulnerability. Post upgrade, ensure that the "RestrictAnonymous" registry key is set to 1.

- Related references

- Vulnerability author

 

 
