CVE-2002-1214
CVSS 7.5
Published: 2002-10-28 00:00:00
Revised: 2008-09-10 15:14:03

[Original] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.


[CNNVD] Microsoft PPTP Server and Client Remote Buffer Overflow Vulnerability (MS02-063) (CNNVD-200210-281)

        Microsoft provides VPN service over the PPTP protocol through its PPTP server and the matching PPTP client.
        A vulnerability exists in the Microsoft PPTP server and client. A remote attacker can exploit it to cause a denial of service or to execute arbitrary instructions on the system with the privileges of the service process.
        A specially crafted PPTP packet sent to the Microsoft PPTP service may overwrite kernel memory, causing a denial of service on Windows 2000 SP3 and Windows XP that hangs the system.
        A carefully constructed packet carrying shellcode may lead to execution of arbitrary instructions on the system in the context of the PPTP service process.
        Because the Microsoft PPTP client also listens on port 1723, sending it a specially crafted PPTP packet can likewise cause a denial of service that hangs the system.

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance degradation or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required to exploit]

- CPE (affected platforms and products)

cpe:/o:microsoft:windows_2000::sp1:professional  Microsoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_2000_terminal_services::sp3
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_2000::sp1:datacenter_server  Microsoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_2000::sp3:professional  Microsoft Windows 2000 Professional SP3
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_2000::sp1:server  Microsoft Windows 2000 Server SP1
cpe:/o:microsoft:windows_2000::sp3:datacenter_server  Microsoft Windows 2000 Datacenter Server SP3
cpe:/o:microsoft:windows_2000::sp3:advanced_server  Microsoft Windows 2000 Advanced Server SP3
cpe:/o:microsoft:windows_xp::gold:professional  Microsoft Windows XP Professional Gold
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000::sp2:datacenter_server  Microsoft Windows 2000 Datacenter Server SP2
cpe:/o:microsoft:windows_2000:::server
cpe:/o:microsoft:windows_2000::sp2:advanced_server  Microsoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2000::sp1:advanced_server  Microsoft Windows 2000 Advanced Server SP1
cpe:/o:microsoft:windows_2000::sp3:server  Microsoft Windows 2000 Server SP3
cpe:/o:microsoft:windows_2000::sp2:professional  Microsoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000::sp2:server  Microsoft Windows 2000 Server SP2
cpe:/o:microsoft:windows_2000:::professional
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/o:microsoft:windows_2000_terminal_services

- OVAL (technical details for detection)

No matching OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1214
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1214
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-281
(official data source) CNNVD

- Other links and resources

http://online.securityfocus.com/archive/1/293146
(VENDOR_ADVISORY)  BUGTRAQ  20020926 Microsoft PPTP Server and Client remote vulnerability
http://www.securityfocus.com/bid/5807
(UNKNOWN)  BID  5807
http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
(UNKNOWN)  MS  MS02-063
http://www.iss.net/security_center/static/10199.php
(UNKNOWN)  XF  win-pptp-packet-bo (10199)

- Vulnerability information

Microsoft PPTP Server and Client Remote Buffer Overflow Vulnerability (MS02-063)
High risk  Boundary condition error
Published: 2002-10-28 00:00:00  Updated: 2005-05-13 00:00:00
Remote
        

- Advisory and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce exposure:
        * Configure a policy on the perimeter firewall that allows only trusted IP addresses to reach the PPTP service.
        Vendor patch:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS02-063) and the corresponding patch for this issue:
        MS02-063: Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS02-063.asp

        Patch downloads:
        * Microsoft Windows 2000:
        http://www.microsoft.com/downloads/Release.asp?ReleaseID=43606

        * Microsoft Windows XP:
         32-bit:
        http://www.microsoft.com/downloads/Release.asp?ReleaseID=43635

         64-bit:
        http://www.microsoft.com/downloads/Release.asp?ReleaseID=43631
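The workaround above restricts which sources may reach the PPTP service on TCP port 1723, and the description earlier on this page attributes the fault to a control packet with malformed control data. The following is an added example, not code from Microsoft, from phion, or from this advisory: a small in-line filter that first applies a trusted-source allow list and then validates the fixed control-message header that RFC 2637 requires (magic cookie, PPTP message type, and a Length field that must match both the bytes actually received and the fixed size of that control message type). The per-type sizes are computed from the RFC 2637 field layouts; the sample packets, the 203.0.113.0/24 allow list and the function names are constructed for illustration. The malformed samples are generic violations and do not reproduce the specific packet MS02-063 fixed, which this page does not describe; the check covers only the TCP control channel, not the GRE data channel.

```python
"""PPTP control-channel sanity filter.

Added example, not code from Microsoft or from this advisory. It models the
two mitigations on this page: a trusted-source allow list for the PPTP
service, and rejection of control messages whose fixed header or declared
length disagrees with RFC 2637.
"""
import ipaddress
import struct
from typing import List, Tuple

PPTP_PORT = 1723                # control channel (the data channel is GRE, not covered)
PPTP_MAGIC_COOKIE = 0x1A2B3C4D  # RFC 2637: present in every control message
MSG_TYPE_CONTROL = 1            # PPTP Message Type 1 = Control Message

# Common 12-byte header: Length, PPTP Message Type, Magic Cookie,
# Control Message Type, Reserved0 (RFC 2637 section 2).
HEADER = struct.Struct("!HHIHH")

# Control message names and fixed total sizes in bytes (12-byte header plus
# body), computed from the field layouts in RFC 2637.
CONTROL_MESSAGES = {
    1: ("Start-Control-Connection-Request", 156),
    2: ("Start-Control-Connection-Reply", 156),
    3: ("Stop-Control-Connection-Request", 16),
    4: ("Stop-Control-Connection-Reply", 16),
    5: ("Echo-Request", 16),
    6: ("Echo-Reply", 20),
    7: ("Outgoing-Call-Request", 168),
    8: ("Outgoing-Call-Reply", 32),
    9: ("Incoming-Call-Request", 220),
    10: ("Incoming-Call-Reply", 24),
    11: ("Incoming-Call-Connected", 28),
    12: ("Call-Clear-Request", 16),
    13: ("Call-Disconnect-Notify", 148),
    14: ("WAN-Error-Notify", 40),
    15: ("Set-Link-Info", 24),
}


def check_control_message(data: bytes) -> str:
    """Return 'ok', or a reason naming the first header violation found."""
    if len(data) < HEADER.size:
        return "truncated header"
    length, msg_type, cookie, ctrl_type, _reserved0 = HEADER.unpack_from(data)
    if cookie != PPTP_MAGIC_COOKIE:
        return "bad magic cookie 0x%08x" % cookie
    if msg_type != MSG_TYPE_CONTROL:
        return "unexpected PPTP message type %d" % msg_type
    if length != len(data):
        # A Length field that disagrees with the bytes actually received is the
        # usual precondition for an unchecked copy in the receiver.
        return "declared length %d != actual %d" % (length, len(data))
    if ctrl_type not in CONTROL_MESSAGES:
        return "unknown control message type %d" % ctrl_type
    name, expected = CONTROL_MESSAGES[ctrl_type]
    if length != expected:
        return "%s must be %d bytes, got %d" % (name, expected, length)
    # Reserved0 is ignored on receipt per RFC 2637, so it is not checked.
    return "ok"


def filter_pptp(src_ip: str, dst_port: int, payload: bytes,
                trusted: List[ipaddress.IPv4Network]) -> Tuple[bool, str]:
    """Forward/drop decision for one inbound segment aimed at the PPTP service."""
    if dst_port != PPTP_PORT:
        return True, "not PPTP control traffic"
    if not any(ipaddress.ip_address(src_ip) in net for net in trusted):
        return False, "source %s not in PPTP allow list" % src_ip
    verdict = check_control_message(payload)
    return verdict == "ok", verdict


def build_sccrq(hostname: bytes = b"vpn-client", vendor: bytes = b"example") -> bytes:
    """Build a well-formed Start-Control-Connection-Request (constructed sample)."""
    # version 1.0, Reserved1, framing async+sync, bearer analog+digital,
    # max channels 1, firmware revision 0, then 64-byte host and vendor strings
    body = struct.pack("!HHIIHH", 0x0100, 0, 0x3, 0x3, 1, 0)
    body += hostname.ljust(64, b"\0") + vendor.ljust(64, b"\0")
    return HEADER.pack(HEADER.size + len(body), MSG_TYPE_CONTROL,
                       PPTP_MAGIC_COOKIE, 1, 0) + body


# Constructed samples; the malformed ones are generic violations, not the MS02-063 trigger.
GOOD_SCCRQ = build_sccrq()
BAD_LENGTH = struct.pack("!H", 0xFFFF) + GOOD_SCCRQ[2:]
BAD_COOKIE = GOOD_SCCRQ[:4] + struct.pack("!I", 0xDEADBEEF) + GOOD_SCCRQ[8:]
OVERSIZED_ECHO = (HEADER.pack(HEADER.size + 4 + 200, MSG_TYPE_CONTROL,
                              PPTP_MAGIC_COOKIE, 5, 0) + b"\0" * 4 + b"A" * 200)
# Assumption: 203.0.113.0/24 stands in for the organisation's trusted VPN peers.
TRUSTED_PEERS = [ipaddress.ip_network("203.0.113.0/24")]

if __name__ == "__main__":
    for label, pkt in [("good SCCRQ", GOOD_SCCRQ), ("bad length", BAD_LENGTH),
                       ("bad cookie", BAD_COOKIE), ("oversized echo", OVERSIZED_ECHO)]:
        print("%-15s -> %s" % (label, check_control_message(pkt)))
    print(filter_pptp("198.51.100.9", PPTP_PORT, GOOD_SCCRQ, TRUSTED_PEERS))
```

Run as a script to see the verdict for each constructed sample. In a real deployment the check must run on the reassembled TCP stream rather than on individual segments, since a control message can be split across segments, and the allow list is only a stop-gap until the MS02-063 patch is applied, because a trusted peer can still send malformed data.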

- Vulnerability information

13422
Microsoft Windows PPTP Service Malformed Control Data Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-09-26 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Microsoft PPTP Server Buffer Overflow Vulnerability
Class: Boundary Condition Error  Bugtraq ID: 5807
Remote: Yes  Local: No
Published: 2002-09-26 12:00:00  Updated: 2009-07-11 05:06:00
Discovery of this vulnerability is credited to Stephan Hoffmann and Thomas Unterleitner on behalf of phion Information Technologies.

- Affected program versions

Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows 2000 Terminal Services SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

- Discussion

A buffer overflow vulnerability has been reported in Microsoft's PPTP (Point-to-Point Tunneling Protocol) implementation. The vulnerability reportedly exists in both the PPTP server and client applications. An attacker can craft a packet that, when sent to the PPTP process, corrupts memory with attacker-supplied data. This may result in the execution of attacker-supplied code.

- Exploit

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- Solution

Microsoft has released fixes for:

Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows XP Home
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows XP Home SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Terminal Services SP3
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Server SP3
Microsoft Windows XP 64-bit Edition
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Professional SP3
Microsoft Windows XP Professional
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows XP Professional SP1
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Server

- References


About SCAP中文社区 (SCAP Chinese Community)

SCAP中文社区 is the first Chinese open community in China devoted to SCAP. For more information, see [About this site].

Copyright notice

CVE, CWE and OVAL are registered trademarks of the MITRE Corporation; their official data sources are maintained on MITRE's websites.