Microsoft SQLXML ISAPI Remote Buffer Overflow Vulnerability (MS02-030)

Vulnerability Details

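Vulnerability Summary

SQLXML ISAPI allows an IIS server to accept XML data from, or output XML data to, SQL Server, so that query results are returned in XML format.
The SQLXML ISAPI implementation contains a buffer overflow vulnerability; a remote attacker may be able to use an overflow attack to execute arbitrary instructions on the host with SYSTEM privileges.
When an SQL query is made using SQLXML's "sql=" syntax, the user can specify certain parameters that affect the returned XML output; one of these parameters is content-type. If an overly long content-type value is submitted to IIS, the server process may crash, and carefully crafted data may allow a remote attacker to execute arbitrary instructions on the host with the privileges of the SYSTEM process. A normal request (in this case, a direct sql= query) may look like this:
IIS-server/demos?sql=select+*+from+Customers+as+Customer+FOR+XML+auto&root=root&xsl=custtable.xsl&contenttype=text/html
If the content-type value is longer than 240 characters, inetinfo.exe may crash.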
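
A log-review check for the condition described above, as an added example that is not part of the original advisory: it flags direct sql= requests whose contenttype parameter (spelled as in the sample request) is longer than 240 characters. The function names, the case-insensitive matching, measuring length after URL-decoding, and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Threshold taken from the advisory: a contenttype value longer than
# 240 characters may crash inetinfo.exe.
MAX_CONTENTTYPE_LEN = 240

def oversized_contenttype(request_target):
    """Return the length of an over-long contenttype value in a SQLXML
    sql= request, or None if the request is not suspicious."""
    query = urlsplit(request_target).query
    # Parameter names are compared case-insensitively (assumption), and
    # lengths are measured after URL-decoding (assumption).
    params = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        params.setdefault(name.lower(), []).extend(values)
    if "sql" not in params:
        return None  # only direct sql= queries are described in the advisory
    longest = max((len(v) for v in params.get("contenttype", [])), default=0)
    return longest if longest > MAX_CONTENTTYPE_LEN else None

def scan(request_targets):
    """Return (1-based line number, contenttype length) for each hit."""
    hits = []
    for number, target in enumerate(request_targets, start=1):
        length = oversized_contenttype(target.strip())
        if length is not None:
            hits.append((number, length))
    return hits

# Constructed sample request targets (not taken from real logs).
SAMPLE_REQUESTS = [
    "/demos?sql=select+*+from+Customers+as+Customer+FOR+XML+auto"
    "&root=root&xsl=custtable.xsl&contenttype=text/html",
    "/demos?sql=select+1&contenttype=" + "A" * 240,   # at the limit
    "/demos?sql=select+1&contenttype=" + "A" * 241,   # over the limit
    "/demos?SQL=select+1&ContentType=" + "B" * 300,   # mixed-case names
    "/other.asp?contenttype=" + "C" * 300,            # not a sql= query
]

if __name__ == "__main__":
    for number, length in scan(SAMPLE_REQUESTS):
        print(f"request {number}: contenttype is {length} characters")
```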

Vulnerability Advisory

Vendor patch:
Microsoft
———
Microsoft has released a security bulletin (MS02-030) and corresponding patches for this issue:
MS02-030:Unchecked Buffer in SQLXML Could Lead to Code Execution (Q321911)
Link:
http://www.microsoft.com/technet/security/bulletin/MS02-030.asp

Patch downloads:
* Microsoft SQLXML version shipping with SQL 2000 Gold:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39547

* Microsoft SQLXML version 2:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38480

* Microsoft SQLXML version 3:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38481

References

Source: US-CERT Vulnerability Note: VU#811371
Name: VU#811371
Link: http://www.kb.cert.org/vuls/id/811371

Source: MS
Name: MS02-030
Link: http://www.microsoft.com/technet/security/bulletin/ms02-030.asp

Source: VULNWATCH
Name: 20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Link: http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html

Source: BID
Name: 5004
Link: http://www.securityfocus.com/bid/5004

Source: OSVDB
Name: 5347
Link: http://www.osvdb.org/5347

Source: XF
Name: mssql-sqlxml-isapi-bo(9328)
Link: http://www.iss.net/security_center/static/9328.php

Source: BUGTRAQ
Name: 20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=102397345410856&w=2

Source: US Government Resource: oval:org.mitre.oval:def:489
Name: oval:org.mitre.oval:def:489
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:489

Source: US Government Resource: oval:org.mitre.oval:def:484
Name: oval:org.mitre.oval:def:484
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:484
