CVE-2003-0505
CVSS 5.0
Published: 2003-08-07 00:00:00
Last revised: 2016-10-17 22:34:47

[Original] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.


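[CNNVD] NetMeeting remote directory traversal vulnerability (CNNVD-200308-013)

        Windows NetMeeting is a popular program for video conferencing among multiple participants.
        The file transfer feature of Windows NetMeeting has a directory traversal problem; a remote attacker can exploit this vulnerability to place files at arbitrary locations on the target system.
        During a file transfer, if the attacker uses a file name containing "..\..\", NetMeeting performs no filtering, so the file can bypass NetMeeting's original directory restriction and be stored elsewhere in the file system. Although a dialog box appears after the file transfer ends to notify the user, the user is not prompted to reject or accept the file transfer. An attacker can place a malicious program in the system startup directory to have it executed.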

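- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found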

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0505
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0505
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-013
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=105716650021546&w=2
(UNKNOWN)  BUGTRAQ  20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability
http://www.securityfocus.com/bid/7931
(VENDOR_ADVISORY)  BID  7931

- Vulnerability information

NetMeeting remote directory traversal vulnerability
Medium risk  Input validation
2003-08-07 00:00:00 2005-10-20 00:00:00
Remote

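- Advisories and patches

        Vendor patch:
        Microsoft
        ---------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: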
        Windows 2000 Service Pack 4
        
        http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/

        Windows XP (Professional and Home edition) Service Pack 1
        
        http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/

- Vulnerability information

2239
Microsoft NetMeeting Arbitrary File Write/Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability description

Microsoft NetMeeting contains a flaw that allows a remote attacker to upload a file to an arbitrary location, where it may be executed on the remote system. The issue is due to the program not properly sanitizing filenames, which may include "..\..\" style traversal sequences. This allows the attacker to upload the file to an arbitrary location, including system directories, where the file may be executed.

- Timeline

2003-07-02 2003-03-03
2003-07-02 2003-06-26

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Microsoft NetMeeting Directory Traversal Vulnerability
Input Validation Error 7931
Yes No
2003-07-02 12:00:00 2009-07-11 10:06:00
Discovery is credited to Hernán Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma and Pablo Rubinstein from Core Security Technologies.

- Affected program versions

Microsoft NetMeeting 3.0.1 4.4.3385
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional

- Discussion

Microsoft NetMeeting is reported to be prone to a directory traversal vulnerability. The File Transfer function can be used to upload files from one user in a NetMeeting session to another. If the file name of the file to be transferred contained directory traversal characters (..\), the file would be saved in a location other than the NetMeeting default received files directory.
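
An added example, not code from NetMeeting or from any of the advisories quoted here: one way a receiver can validate a peer-supplied file name before writing it under its received-files directory. `RECEIVED_DIR`, `safe_destination` and `UnsafeFileName` are hypothetical names, the directory path is an assumed value, and `ntpath` is used so that Windows path rules apply on any host OS.

```python
import ntpath  # Windows path semantics on any host OS

# Assumption: illustrative receive directory, not taken from the advisory.
RECEIVED_DIR = r"C:\NetMeeting\Received Files"
_RESERVED = {"CON", "PRN", "AUX", "NUL",
             *(f"COM{i}" for i in range(1, 10)),
             *(f"LPT{i}" for i in range(1, 10))}


class UnsafeFileName(ValueError):
    """Peer-supplied name that must not be written to disk."""


def safe_destination(peer_name, base=RECEIVED_DIR):
    """Return the path under `base` for a peer-supplied name, or raise."""
    name = peer_name.replace("/", "\\")          # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    if drive or ":" in rest:                     # C:\..., \\host\share, name:stream
        raise UnsafeFileName("drive, UNC or stream syntax")
    leaf = ntpath.basename(rest)
    if leaf != rest:                             # any directory part, e.g. ..\..\x
        raise UnsafeFileName("directory component in name")
    if not leaf or leaf.rstrip(" .") != leaf:    # "", ".", "..", "x.", "x "
        raise UnsafeFileName("empty, dot or trailing dot/space name")
    if any(ord(c) < 32 or c in '<>"|?*' for c in leaf):
        raise UnsafeFileName("character not valid in a Windows file name")
    if leaf.split(".")[0].upper() in _RESERVED:  # NUL.txt still means the device
        raise UnsafeFileName("reserved device name")
    dest = ntpath.normpath(ntpath.join(base, leaf))
    # Defence in depth: the resolved parent must be exactly the base directory.
    root = ntpath.normcase(ntpath.normpath(base))
    if ntpath.normcase(ntpath.dirname(dest)) != root:
        raise UnsafeFileName("resolved path leaves the receive directory")
    return dest


if __name__ == "__main__":
    # Constructed sample names, as a peer might send them.
    for sample in ["report.doc", r"..\..\dropped.exe", "../../dropped.exe",
                   r"C:\dropped.exe", "notes.txt:hidden", "NUL.txt"]:
        try:
            print(f"{sample!r:24} -> {safe_destination(sample)}")
        except UnsafeFileName as err:
            print(f"{sample!r:24} rejected: {err}")
```

Rejecting a name outright, rather than silently stripping the directory part, leaves a record that a peer sent a traversal sequence.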

- Exploit

There is no exploit code required.

- Solution

Microsoft has addressed this issue in Microsoft Windows 2000 SP4 and Windows XP SP1. Users are advised to upgrade as soon as possible.

- Related references

     

     
