CVE-2004-0892
CVSS7.5
发布时间 :2005-01-27 00:00:00
修订时间 :2008-09-10 15:28:11
NMCOPS    

[原文]Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.


[CNNVD]Microsoft Proxy/ISA 网络欺骗漏洞(CNNVD-200501-309)

        ISA Server和Proxy server是微软公司的产品。
        Microsoft Proxy server 2.0及ISA Server 2000存在网页欺骗漏洞。
        该漏洞是由上述两款软件的DNS Cache机制引起的,远程攻击者可通过DNS欺骗,将恶意网页伪装成可信任的。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_2003_server:2003::small_business_server
cpe:/a:microsoft:proxy_server:2.0Microsoft proxy_server 2.0
cpe:/a:microsoft:isa_server:2000Microsoft isa server 2000
cpe:/o:microsoft:windows_2003_server:2000::small_business_server
cpe:/a:microsoft:isa_server:2000:sp1Microsoft isa_server 2000 sp1
cpe:/a:microsoft:isa_server:2000:sp2Microsoft isa_server 2000 sp2
cpe:/a:microsoft:proxy_server:2.0:sp1

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4859Proxy Server Reverse DNS Lookup Results Spoofing
oval:org.mitre.oval:def:4264ISA Server Reverse DNS Lookup Results Spoofing
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0892
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0892
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-309
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/11605
(VENDOR_ADVISORY)  BID  11605
http://www.microsoft.com/technet/security/bulletin/ms04-039.asp
(VENDOR_ADVISORY)  MS  MS04-039
http://xforce.iss.net/xforce/xfdb/17906
(VENDOR_ADVISORY)  XF  isa-cache-reverse-spoof(17906)

- 漏洞信息

Microsoft Proxy/ISA 网络欺骗漏洞
高危 设计错误
2005-01-27 00:00:00 2006-09-25 00:00:00
远程  
        ISA Server和Proxy server是微软公司的产品。
        Microsoft Proxy server 2.0及ISA Server 2000存在网页欺骗漏洞。
        该漏洞是由上述两款软件的DNS Cache机制引起的,远程攻击者可通过DNS欺骗,将恶意网页伪装成可信任的。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.microsoft.com/technet/security/Bulletin/MS04-039.mspx
        

- 漏洞信息 (F34990)

MS04-039.html (PacketStormID:F34990)
2004-11-10 00:00:00
Martijn de Vries,Thomas de Klerk  microsoft.com
advisory,web,spoof
CVE-2004-0892
[点击下载]

Microsoft Security Advisory MS04-039 - A spoofing vulnerability exists that can enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site.

- 漏洞信息

11579
Microsoft ISA Server / Proxy Server Internet Content Spoofing

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-11-09 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft ISA and Proxy Server Web Site Spoofing Vulnerability
Design Error 11605
Yes No
2004-11-04 12:00:00 2009-07-12 08:06:00
Discovery is credited to Martijn de Vries and Thomas de Klerk of of Info Support.

- 受影响的程序版本

Microsoft Small Business Server 2003
Microsoft Small Business Server 2000 0
Microsoft Proxy Server 2.0 SP1
Microsoft Proxy Server 2.0
- Microsoft BackOffice 4.5
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft ISA Server 2000 SP2
+ Microsoft Small Business Server 2000 0
+ Microsoft Small Business Server 2003 Premium Edition
Microsoft ISA Server 2000 SP1
+ Microsoft Small Business Server 2000 0
+ Microsoft Small Business Server 2003 Premium Edition
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft ISA Server 2000 FP1
Microsoft ISA Server 2000
+ Microsoft Small Business Server 2000 0
+ Microsoft Small Business Server 2003 Premium Edition
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
Microsoft ISA Server 2004

- 不受影响的程序版本

Microsoft ISA Server 2004

- 漏洞讨论

Microsoft ISA and Proxy Server are reportedly prone to a Web site spoofing vulnerability. Successful exploitation of this issue could allow a remote attacker to spoof a trusted Web site.

If a connection were made to the spoofed Web site using SSL, the malicious site would not be able to spoof the certificate of the legitimate site. This would likely cause a warning message to appear to the user.

Microsoft Small Business Server 2000 and 2003 include the affected software.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released a security bulletin and fixes to address this issue for supported versions.

Update (11/16/2004): Microsoft has revised MS04-039 to include updated fixes for ISA Server 2000 SP1 and for users who are running the vulnerable software on Microsoft Windows 2000 SP3 platforms. These updated fixes address installation problems. Please see Microsoft Security Bulletin MS04-039 for further information.


Microsoft Small Business Server 2003

Microsoft ISA Server 2000 SP2

Microsoft Small Business Server 2000 0

Microsoft Proxy Server 2.0 SP1

Microsoft ISA Server 2000 SP1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站