CVE-2003-0904
CVSS 6.0
Published: 2004-01-20 00:00:00
Modified: 2008-09-10 00:00:00

[Original] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.


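[CNNVD] Microsoft Exchange Server 2003 Outlook Web Access random mailbox access vulnerability (CNNVD-200401-047)

Microsoft Exchange Server 2003 is an enterprise-class mail server.
Microsoft Exchange Server 2003 has a security issue that a remote attacker can exploit, allowing an authenticated user to connect to another user's OWA mailbox.
The issue lies in how HTTP connection reuse is handled when NTLM authentication is used between a front-end Exchange Server 2003 providing OWA access, with Outlook Web Access (OWA) running on Windows 2000 and Windows Server 2003, and a back-end Exchange 2003 on Windows Server 2003.
Users who access their mailboxes through an Exchange 2003 front-end server and OWA may be connected to another user's mailbox if that other mailbox (1) is hosted on the same back-end mailbox server and has recently been accessed. An attacker exploiting this vulnerability cannot predict which mailbox will be connected to; the access obtained is random and unreliable.
By default, Kerberos authentication is used as the HTTP authentication method between the Exchange Server 2003 front-end and back-end Exchange servers. The vulnerability exists only when the Web site running the Exchange Server 2003 programs is not configured for Kerberos authentication, so that OWA calls use NTLM authentication. The only way this happens is through a change to the default IIS 6.0 configuration on the Exchange back-end server. Installing Microsoft Windows SharePoint Services (WSS) 2.0 on a Windows Server 2003 server that acts as an Exchange Server 2003 back end may change this configuration.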

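- CVSS (Base Score)

CVSS score: 6 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: SINGLE_INSTANCE [--]

- CWE (Weakness Category)

CWE-200 [Information Exposure]

- CPE (Affected Platforms and Products)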

cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/a:microsoft:sharepoint_services:2.0  Microsoft Sharepoint Services 2.0
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/a:microsoft:exchange_server:2003  Microsoft exchange_srv 2003

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:477  MS Exchange / OWA NTLM Authentication Vulnerability
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0904
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0904
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200401-047
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/530660
(UNKNOWN)  CERT-VN  VU#530660
http://xforce.iss.net/xforce/xfdb/13869
(VENDOR_ADVISORY)  XF  exchange-owa-account-access(13869)
http://www.microsoft.com/exchange/support/e2k3owa.asp
(VENDOR_ADVISORY)  CONFIRM  http://www.microsoft.com/exchange/support/e2k3owa.asp
http://www.securityfocus.com/bid/9409
(UNKNOWN)  BID  9409
http://www.securityfocus.com/bid/9118
(VENDOR_ADVISORY)  BID  9118
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281
(VENDOR_ADVISORY)  NTBUGTRAQ  20031114 Exchange 2003 OWA major security flaw
http://www.microsoft.com/technet/security/bulletin/ms04-002.asp
(UNKNOWN)  MS  MS04-002
http://secunia.com/advisories/10615
(UNKNOWN)  SECUNIA  10615

- Vulnerability Information

Microsoft Exchange Server 2003 Outlook Web Access random mailbox access vulnerability
Medium severity  Access validation error
2004-01-20 00:00:00 2005-10-20 00:00:00
Remote
        

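- Advisories and Patches

Workarounds:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
* Disable HTTP connection reuse on the Exchange Server 2003 front-end server:
See Microsoft Knowledge Base Article 832749 (http://support.microsoft.com/?kbid=832749) for details.
Note that this workaround reduces performance somewhat.
* Enable Kerberos authentication on the OWA virtual server of the Exchange Server 2003 back-end server.
For how to configure Windows SharePoint Services to use Kerberos authentication, see the following article:
Microsoft Knowledge Base Article 832769:

http://support.microsoft.com/?kbid=823265

and, for how to re-enable OWA and other Exchange components after installing Windows SharePoint Services:
Microsoft Knowledge Base Article 823265:

http://support.microsoft.com/?kbid=823265

Vendor patch:
Microsoft
---------
The vendor has released an update that fixes this security issue; download it from the vendor's site:
Microsoft Exchange Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=9542F949-D09B-4199-A837-FBCFC0567676&displaylang=en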

- Vulnerability Information

3490
Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
Information Disclosure
Loss of Confidentiality

- Vulnerability Description

Microsoft Exchange 2003 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Microsoft Windows SharePoint services are installed, causing Kerberos authentication to be disabled in IIS. This can cause improper handling of Outlook Web Access (OWA) requests, which could allow a remote user to gain access to the wrong mailbox.

- Timeline

2003-11-14 2003-11-14
Unknown Unknown

- Solution

Microsoft has released a patch to address this vulnerability. Installing this patch and properly configuring IIS to use Kerberos authentication will solve this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
Access Validation Error 9409
Yes No
2004-01-13 12:00:00 2009-07-12 02:06:00
Announced by the vendor.

- Affected Versions

Microsoft Exchange Server 2003
Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 5.5 SP4
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP3
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP2
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP1
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Unaffected Versions

Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
Microsoft Exchange Server 5.5 SP4
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP3
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP2
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5 SP1
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Exchange Server 5.5
- Microsoft BackOffice 4.5
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability Discussion

A vulnerability has been reported in Exchange Server 2003 with Outlook Web Access (OWA) configured. Exploitation of this vulnerability could allow an authenticated OWA user to connect to another user's OWA mailbox.

- Exploit

There is no exploit code required.

- Solution

Microsoft has released an update to address this issue. Microsoft has reported that this security update cannot be detected by MBSA 1.1.1. As a result of this, SMS 2.0 Software Update Services Feature Pack and SMS 2.0 Administration Feature Pack's Elevated Rights Deployment Tool cannot be used for this security update.


Microsoft Exchange Server 2003

- Related References

 

 
