Microsoft Windows 2000 SMTP错误认证漏洞

漏洞信息详情

Microsoft Windows 2000 SMTP错误认证漏洞

• CNNVD编号：CNNVD-200108-060
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0504
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-08-14
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by Joao…

Microsoft Windows 2000版本中SMTP服务的认证进程存在漏洞。远程攻击者可以使用不正确的证书来提升特权并且进行例如邮件传递的活动。

Microsoft has released a patch which addresses this issue:
Microsoft Windows 2000 Professional

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Server SP2

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Advanced Server SP1

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Server SP1

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Advanced Server SP2

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Professional SP2

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Advanced Server

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Professional SP1

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

Microsoft Windows 2000 Server

• Microsoft Q302755
  
  http://www.microsoft.com/windows2000/downloads/security/q302755/defaul
  t.asp

来源:US-CERT Vulnerability Note: VU#435963
名称: VU#435963
链接:http://www.kb.cert.org/vuls/id/435963

来源: MS
名称: MS01-037
链接:http://www.microsoft.com/technet/security/bulletin/ms01-037.asp

来源: XF
名称: win2k-smtp-mail-relay(6803)
链接:http://xforce.iss.net/static/6803.php

来源: BID
名称: 2988
链接:http://www.securityfocus.com/bid/2988

来源: CIAC
名称: L-107
链接:http://www.ciac.org/ciac/bulletins/l-107.shtml