CVE-2005-1216
CVSS7.5
发布时间 :2005-06-14 00:00:00
修订时间 :2008-09-10 15:38:16
NMCOS    

[原文]Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.


[CNNVD]Microsoft ISA Server NetBIOS预定义过滤策略绕过漏洞(CNNVD-200506-124)

        ISA Server是微软产品家族之一,可以提供企业防火墙和高性能的Web缓存。
        ISA Server 2000中存在权限提升漏洞,成功利用这个漏洞可以绕过策略限制。
        攻击者可以利用NetBIOS(all)预定义报文过滤同ISA Server创建NetBIOS连接。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:468ISA Server NetBIOS Packet Filter Bypass Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1216
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1216
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-124
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/367077
(UNKNOWN)  CERT-VN  VU#367077
http://www.microsoft.com/technet/Security/bulletin/ms05-034.mspx
(VENDOR_ADVISORY)  MS  MS05-034
http://secunia.com/advisories/15693/
(VENDOR_ADVISORY)  SECUNIA  15693
http://www.securityfocus.com/bid/13954
(UNKNOWN)  BID  13954
http://securitytracker.com/id?1014193
(UNKNOWN)  SECTRACK  1014193

- 漏洞信息

Microsoft ISA Server NetBIOS预定义过滤策略绕过漏洞
高危 资料不足
2005-06-14 00:00:00 2005-10-20 00:00:00
远程  
        ISA Server是微软产品家族之一,可以提供企业防火墙和高性能的Web缓存。
        ISA Server 2000中存在权限提升漏洞,成功利用这个漏洞可以绕过策略限制。
        攻击者可以利用NetBIOS(all)预定义报文过滤同ISA Server创建NetBIOS连接。
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.microsoft.com/technet/security/Bulletin/MS05-034.mspx

- 漏洞信息

17312
Microsoft ISA Server NetBIOS Predefined Filter Privilege Escalation
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- 漏洞描述

Microsoft ISA Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the NetBIOS (all) predefined packet filter allows remote attackers to connect to services utilizing the NetBIOS protocol. This flaw may lead to a loss of confidentiality or integrity.

- 时间线

2005-06-14 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability
Unknown 13954
Yes No
2005-06-14 12:00:00 2009-07-12 02:56:00
The vendor reported this issue.

- 受影响的程序版本

Microsoft ISA Server 2000 Enterprise Edition SP2
Microsoft ISA Server 2000 Enterprise Edition SP1
Microsoft ISA Server 2000 Enterprise Edition
Microsoft ISA Server 2000 SP2
+ Microsoft Small Business Server 2000 0
+ Microsoft Small Business Server 2003 Premium Edition
Microsoft ISA Server 2000 SP1
+ Microsoft Small Business Server 2000 0
+ Microsoft Small Business Server 2003 Premium Edition
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft ISA Server 2000 FP1
Microsoft ISA Server 2000
+ Microsoft Small Business Server 2000 0
+ Microsoft Small Business Server 2003 Premium Edition
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
Microsoft ISA Server 2004

- 不受影响的程序版本

Microsoft ISA Server 2004

- 漏洞讨论

Microsoft Internet Security and Acceleration (ISA) server is prone to a policy bypass vulnerability. Reports indicate that the issue manifests when a Microsoft ISA server is utilizing the 'NetBIOS (all)' predefined filter.

A remote attacker may leverage this vulnerability to successfully make NetBIOS connections to NetBIOS based services that exist on a target ISA server.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released a fix to address this issue.


Microsoft ISA Server 2000 Enterprise Edition SP2

Microsoft ISA Server 2000 FP1

Microsoft ISA Server 2000 SP1

Microsoft ISA Server 2000

Microsoft ISA Server 2000 SP2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站