CVE-2002-1407
CVSS7.5
发布时间 :2003-04-11 00:00:00
修订时间 :2016-10-17 22:26:58
NMCOS    

[原文]TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.


[CNNVD]Microsoft Internet Explore SSL证书认证中间人攻击漏洞(MS02-050)(CNNVD-200304-084)

        
        Internet Explorer是一款流行的WEB浏览程序,SSL是加密通信协议。
        Internet Explorer的SSL实现存在问题,远程攻击者可以利用这个漏洞进行中间人攻击。
        在通常情况下,WEB站点的管理员通过SSL进行通信加密,要实现加密通信,管理员需要生成证书并由CA证书授权中心签发,该WEB站点的URL会保存在证书的识别名小节中的CN(公用名)字段中。
        CA会验证管理员是否合法拥有的CN字段中的URL,签发证书并返回证书。假定管理员尝试对www.thoughtcrime.org进行加密,就有如下的证书签发过程:
        [CERT - Issuer: VeriSign / Subject: VeriSign]
        -> [CERT - Issuer: VeriSign / Subject: www.thoughtcrime.org]
        当WEB浏览器接收到这个证书时,必须验证CN字段是否与它刚连接的那个域名匹配,并且是否是由一个了已知的CA证书签名,这种情况下攻击者不可能使用合法的CN名和合法的签名来替代证书,所以不存在中间人攻击。
        但是有些情况下,为了方便会使用本地授权,因此这种情况下www.thoughtcrime.org会从本地授权中获得如下的证书链结构:
        [Issuer: VeriSign / Subject: VeriSign]
        -> [Issuer: VeriSign / Subject: Intermediate CA]
         -> [Issuer: Intermediate CA / Subject: www.thoughtcrime.org]
        当WEB浏览器接收到此信息时,它必须验证分支证书的CN字段是否与它刚连接的那个域名匹配,以及该证书是否是由中间CA所签发,并且中间CA签发的证书是否由已知CA证书签发。最后,WEB浏览器还应该检查所有中间证书是否有合法的CA Basic Constraints,也就是说这些分支证书是否有合法授权进行证书签发。
        但Internet Explorer存在设计漏洞,没有检查CA Basic Constraints信息,这样,具有任意域一个名合法CA签发证书的攻击者可以生成任意其他域名的合法CA证书。
        假设攻击者是www.thoughtcrime.org的合法管理者,他可以首先可以生成一合法证书并从VeriSign中请求签名:
        [CERT - Issuer: VeriSign / Subject: VeriSign]
        -> [CERT - Issuer: VeriSign / Subject: www.thoughtcrime.org]
        然后为任意域如(www.amazon.com)生成一证书,并使用自己的证书进行签名:
        [CERT - Issuer: VeriSign / Subject: VeriSign]
        -> [CERT - Issuer: VeriSign / Subject: www.thoughtcrime.org]
         -> [CERT - Issuer: www.thoughtcrime.org / Subject: www.amazon.com]
        由于IE不会检查www.thoughtcrime.org的Basic Constraints信息,IE就会按照这个证书链合法接收www.amazon.com域。
        任何人拥有任何CA签发的证书(和相应的私钥)可以欺骗任何用户。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1407
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1407
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-084
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html
(VENDOR_ADVISORY)  BUGTRAQ  20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability
http://marc.info/?l=bugtraq&m=102866120821995&w=2
(UNKNOWN)  BUGTRAQ  20020805 IE SSL Vulnerability
http://www.securityfocus.com/bid/5410
(VENDOR_ADVISORY)  BID  5410
http://xforce.iss.net/xforce/xfdb/9776
(UNKNOWN)  XF  ssl-ca-certificate-spoofing(9776)

- 漏洞信息

Microsoft Internet Explore SSL证书认证中间人攻击漏洞(MS02-050)
高危 设计错误
2003-04-11 00:00:00 2005-08-08 00:00:00
远程  
        
        Internet Explorer是一款流行的WEB浏览程序,SSL是加密通信协议。
        Internet Explorer的SSL实现存在问题,远程攻击者可以利用这个漏洞进行中间人攻击。
        在通常情况下,WEB站点的管理员通过SSL进行通信加密,要实现加密通信,管理员需要生成证书并由CA证书授权中心签发,该WEB站点的URL会保存在证书的识别名小节中的CN(公用名)字段中。
        CA会验证管理员是否合法拥有的CN字段中的URL,签发证书并返回证书。假定管理员尝试对www.thoughtcrime.org进行加密,就有如下的证书签发过程:
        [CERT - Issuer: VeriSign / Subject: VeriSign]
        -> [CERT - Issuer: VeriSign / Subject: www.thoughtcrime.org]
        当WEB浏览器接收到这个证书时,必须验证CN字段是否与它刚连接的那个域名匹配,并且是否是由一个了已知的CA证书签名,这种情况下攻击者不可能使用合法的CN名和合法的签名来替代证书,所以不存在中间人攻击。
        但是有些情况下,为了方便会使用本地授权,因此这种情况下www.thoughtcrime.org会从本地授权中获得如下的证书链结构:
        [Issuer: VeriSign / Subject: VeriSign]
        -> [Issuer: VeriSign / Subject: Intermediate CA]
         -> [Issuer: Intermediate CA / Subject: www.thoughtcrime.org]
        当WEB浏览器接收到此信息时,它必须验证分支证书的CN字段是否与它刚连接的那个域名匹配,以及该证书是否是由中间CA所签发,并且中间CA签发的证书是否由已知CA证书签发。最后,WEB浏览器还应该检查所有中间证书是否有合法的CA Basic Constraints,也就是说这些分支证书是否有合法授权进行证书签发。
        但Internet Explorer存在设计漏洞,没有检查CA Basic Constraints信息,这样,具有任意域一个名合法CA签发证书的攻击者可以生成任意其他域名的合法CA证书。
        假设攻击者是www.thoughtcrime.org的合法管理者,他可以首先可以生成一合法证书并从VeriSign中请求签名:
        [CERT - Issuer: VeriSign / Subject: VeriSign]
        -> [CERT - Issuer: VeriSign / Subject: www.thoughtcrime.org]
        然后为任意域如(www.amazon.com)生成一证书,并使用自己的证书进行签名:
        [CERT - Issuer: VeriSign / Subject: VeriSign]
        -> [CERT - Issuer: VeriSign / Subject: www.thoughtcrime.org]
         -> [CERT - Issuer: www.thoughtcrime.org / Subject: www.amazon.com]
        由于IE不会检查www.thoughtcrime.org的Basic Constraints信息,IE就会按照这个证书链合法接收www.amazon.com域。
        任何人拥有任何CA签发的证书(和相应的私钥)可以欺骗任何用户。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 对于敏感的应用,在进行SSL连接时手工检查证书链,如果发现有中间证书可以认为正在遭受中间人攻击。
        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS02-050)以及相应补丁:
        MS02-050: Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS02-050.asp

        补丁下载:
        Microsoft Windows 98:
        
        http://www.microsoft.com/windows98/downloads/contents/WUCritical/q328145/default.asp

        Windows 98 Second Edition:
        
        http://www.microsoft.com/windows98/downloads/contents/WUCritical/q328145/default.asp

        Windows Me:
        
        http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328145

        Windows NT 4.0:
        
        http://www.microsoft.com/ntserver/nts/downloads/critical/q328145/default.asp

        Windows NT 4.0 Terminal Server Edition:
        
        http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q328145/default.asp

        Windows 2000:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=42431

        Windows XP and Windows XP 64 Bit Edition:
        
        http://www.microsoft.com/windowsxp/pro/downloads/q328145.asp

        Microsoft Office v.X for Mac:
        
        http://www.microsoft.com/mac/download/security.asp

        Microsoft Office 2001 for Mac:
        
        http://www.microsoft.com/mac/download/security.asp

        Microsoft Office 98 for the Macintosh:
        
        http://www.microsoft.com/mac/download/security.asp

        Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x):
        
        http://www.microsoft.com/mac/download/security.asp

        Microsoft Internet Explorer for Mac (for OS X):
        
        http://www.microsoft.com/mac/download/security.asp

        Microsoft Outlook Express 5.0.6 for Mac:
        
        http://www.microsoft.com/mac/download/security.asp

- 漏洞信息

59725
TinySSL SSL Basic Constraints Intermediate CA-signed Certificate Validation Failure
Remote / Network Access, Context Dependent Cryptographic
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-08-05 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Multiple Vendor Invalid X.509 Certificate Chain Vulnerability
Design Error 5410
Yes No
2002-08-06 12:00:00 2009-07-11 02:56:00
Reported by Mike Benham <moxie@thoughtcrime.org>.

- 受影响的程序版本

Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 0
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT 4.0 SP6a alpha
Microsoft Windows NT 4.0 SP6a
Microsoft Windows NT 4.0 SP6 alpha
Microsoft Windows NT 4.0 SP6
+ Microsoft Windows NT Enterprise Server 4.0 SP6
+ Microsoft Windows NT Enterprise Server 4.0 SP6
+ Microsoft Windows NT Server 4.0 SP6
+ Microsoft Windows NT Server 4.0 SP6
+ Microsoft Windows NT Terminal Server 4.0 SP6
+ Microsoft Windows NT Terminal Server 4.0 SP6
+ Microsoft Windows NT Workstation 4.0 SP6
+ Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT 4.0 SP5 alpha
Microsoft Windows NT 4.0 SP5
Microsoft Windows NT 4.0 SP4 alpha
Microsoft Windows NT 4.0 SP4
+ Microsoft Windows NT Enterprise Server 4.0 SP4
+ Microsoft Windows NT Enterprise Server 4.0 SP4
+ Microsoft Windows NT Server 4.0 SP4
+ Microsoft Windows NT Server 4.0 SP4
+ Microsoft Windows NT Terminal Server 4.0 SP4
+ Microsoft Windows NT Terminal Server 4.0 SP4
+ Microsoft Windows NT Workstation 4.0 SP4
+ Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT 4.0 SP3 alpha
Microsoft Windows NT 4.0 SP3
Microsoft Windows NT 4.0 SP2 alpha
Microsoft Windows NT 4.0 SP2
Microsoft Windows NT 4.0 SP1 alpha
Microsoft Windows NT 4.0 SP1
Microsoft Windows NT 4.0 alpha
Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows NT Workstation 4.0
Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98
Microsoft Windows 2000 Terminal Services SP3
Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Outlook Express for MacOS 5.0.3
Microsoft Outlook Express for MacOS 5.0.2
Microsoft Outlook Express for MacOS 5.0.1
Microsoft Outlook Express for MacOS 5.0
Microsoft Outlook Express for MacOS 4.5
Microsoft Outlook Express 5.0
Microsoft Office v. X
Microsoft Office 98 For Mac
Microsoft Office 2001 For Macintosh SR1
Microsoft Office 2001 For Macintosh
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.5 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.5 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a

- 不受影响的程序版本

KDE Konqueror 3.0.3
+ KDE KDE 3.0.3
KDE KDE 3.0.3
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -STABLE
+ FreeBSD FreeBSD 4.7 -STABLE
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 2
BEA Systems WebLogic Server for Win32 6.1 SP 5
BEA Systems Weblogic Server 7.0 .0.1 SP 2
BEA Systems Weblogic Server 7.0 SP 2
BEA Systems Weblogic Server 6.1 SP 5
BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 2
BEA Systems WebLogic Express for Win32 6.1 SP 5
BEA Systems WebLogic Express 7.0 .0.1 SP 2
BEA Systems WebLogic Express 7.0 SP 2
BEA Systems WebLogic Express 6.1 SP 5
Adam Megacz TinySSL 1.0.3

- 漏洞讨论

A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible for a malicious party to create certificates for arbitrary domains, which will be treated as trusted by the vulnerable browser.

The flaw lies in the handling of intermediate certificate authorities. Normally, intermediate certificates should possess a Basic Constraints field which states the certificate may be used as a signing authority.

Vulnerable products do not require the Basic Constraints field be properly defined. A malicious party with one valid certificate may sign a new certificate for an arbitrary domain. This may allow the attacker to spoof a sensitive domain, or to attempt a man-in-the-middle attack against encrypted communications.

This vulnerability was originally reported in Microsoft's Internet Explorer web browser. It has been reported that, in the case of Microsoft Internet Explorer, the flaw lies in some cryptographic functions implemented in the operating system. It should be noted that this flaw has not been reported in the Cryptographic API included with Microsoft Windows.

Reports state that IIS 5.0 under Windows 2000 is also vulnerable. In this case, client certificate chains are not properly verified. Attackers may exploit this vulnerability to bypass some authentication schemes.

This vulnerability also exists in some versions of KDE and the included Konqueror web browser. Versions 3.0.2 and earlier are vulnerable.

** A report suggests that the patch issued by Microsoft may not fully protect against this vulnerability. It may be possible that a malicious site using an invalid certificate may mislead users into believing that a certificate is expired rather than being invalid.

** UPDATE 11/11/03 - Microsoft has updated their bulletin for this issue. Users who installed Internet Explorer 6 after installing Windows 2000 Service Pack 4 may have reintroduced this issue onto their systems. A new patch is available for users who installed Internet Explorer 6 on Windows 2000 SP4 systems.

- 漏洞利用

Mike Benham &lt;moxie@thoughtcrime.org&gt; has released a sample exploit for this issue:

- 解决方案

For sensitive applications, the certificate chain may be manually inspected whenever a SSL connection is initiated. The presence of an intermediate certificate authority may indicate that an attack is being attempted.

An updated version of the TinySSL library is available. It may be retrieved through anonymous CVS as part of the XWT project:

http://www.xwt.org/download.html

It has been reported that Windows 2000 SP3 resolves this issue for IIS 5.0. This has not been confirmed. It is, however, recommended that administrators install all security fixes as a general practice.

Microsoft has released patches from some products. Patches for other Microsoft products are reported by the vendor to be forthcoming. This issue has been addressed in Microsoft Internet Explorer Macintosh Edition version 5.2.2, which may be downloaded from Microsoft or obtained using Software Update.

Microsoft has released new patches for users who installed Internet Explorer 6 on Windows 2000 systems with Service Pack 4 already installed.

Conectiva has released an advisory, and a set of updated RPMs for KDE packages. Administrators are advised to update all packages to KDE 3.0.3. A comprehensive list of packages affected is available in the referenced Conectiva advisory.

This issue is resolved in KDE and Konqueror 3.0.3. A patch has also been provided for users of KDE and Konqueror 2.2.2.

RedHat has released an advisory, RHSA-2002:220-40, that contains many fixes. Information about obtaining and applying fixes are available in the referenced advisory.

BEA Systems has released advisory BEA03-31.00 and made fixes available to address this issue. Users of affected 6.1 versions should upgrade to Service Pack 5. Users of affected 7.0 and 7.0.0.1 versions should upgrade to Service Pack 2.

The following fixes are available:


Microsoft Windows NT Terminal Server 4.0 SP6

Microsoft Windows XP Professional

Microsoft Windows NT Workstation 4.0 SP6a

Microsoft Windows 2000 Advanced Server SP4

KDE Konqueror 2.2.2

KDE KDE 2.2.2

BEA Systems WebLogic Enterprise 5.0.1

BEA Systems WebLogic Express 5.1 SP 8

BEA Systems WebLogic Server for Win32 5.1 SP 5

BEA Systems WebLogic Enterprise 5.1

BEA Systems WebLogic Express for Win32 5.1 SP 2

BEA Systems WebLogic Server for Win32 5.1 SP 7

BEA Systems WebLogic Express 5.1 SP 11

BEA Systems WebLogic Server for Win32 5.1 SP 12

BEA Systems WebLogic Express for Win32 5.1 SP 7

BEA Systems WebLogic Express 5.1 SP 12

BEA Systems WebLogic Express for Win32 5.1 SP 12

BEA Systems WebLogic Server for Win32 5.1 SP 4

BEA Systems Weblogic Server 5.1 SP 10

BEA Systems Weblogic Server 5.1 SP 2

BEA Systems WebLogic Server for Win32 5.1 SP 3

BEA Systems WebLogic Express for Win32 5.1 SP 4

BEA Systems WebLogic Express 5.1 SP 13

BEA Systems WebLogic Express for Win32 5.1 SP 6

BEA Systems WebLogic Express 5.1 SP 2

BEA Systems Weblogic Server 5.1 SP 11

BEA Systems WebLogic Express 5.1 SP 1

BEA Systems Weblogic Server 5.1 SP 9

BEA Systems Weblogic Server 5.1 SP 5

BEA Systems WebLogic Server for Win32 5.1 SP 10

BEA Systems WebLogic Express 5.1 SP 6

BEA Systems WebLogic Express 5.1 SP 3

BEA Systems Weblogic Server 5.1 SP 3

BEA Systems Tuxedo 8.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站