Microsoft Winsock代理服务远程拒绝服务攻击漏洞(MS03-012)

漏洞信息详情

Microsoft Winsock代理服务远程拒绝服务攻击漏洞(MS03-012)

• CNNVD编号：CNNVD-200305-003
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0110
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2003-04-09
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-25
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  iDEFENSE Labs※ lab…

Microsoft ISA服务器集成可扩展，多层企业级防火墙，可扩展高性能WEB缓冲服务程序。MS Proxy是ISA服务器的前身。
Microsoft代理服务器不正确处理部分畸形包请求，远程攻击者可以利用这个漏洞对代理服务程序进行拒绝服务攻击。
ISA Server和MS Proxy 2.0默认安装WinSock代理服务wspsrv.exe，设计用于测试和诊断用途。WSP服务建立UDP协议套接口绑定在1745端口，攻击者发送特殊构建的包可以导致WSP产生无限循环，消耗大量CPU时间，停止对正常服务的响应。
畸形的包需要有如下特征：
* 源和目的IP都为ISA服务器。
* 源和目的端口都为1745。
* 数据段特殊构建和重组请求格式。

厂商补丁：
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS03-012)以及相应补丁:

MS03-012：Flaw In Winsock Proxy Service And ISA Server Firewall Service Can Cause Denial Of Service (331066)

链接：http://www.microsoft.com/technet/security/bulletin/MS03-012.asp” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS03-012.asp

补丁下载：

Proxy Server 2.0:

http://microsoft.com/downloads/details.aspx?FamilyId=C81688B7-20FB-45EB-BAFD-031A0D2923E6&displaylang=en” target=”_blank”>
http://microsoft.com/downloads/details.aspx?FamilyId=C81688B7-20FB-45EB-BAFD-031A0D2923E6&displaylang=en

ISA Server:

English:

http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=en” target=”_blank”>
http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=en

French:

http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=fr” target=”_blank”>
http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=fr

German:

http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=de” target=”_blank”>
http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=de

Spanish:

http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=es” target=”_blank”>
http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=es

Japanese:

http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=ja” target=”_blank”>
http://microsoft.com/downloads/details.aspx?FamilyId=3C43FAD2-A888-4603-84B7-1053C8663436&displaylang=ja

来源: MS
名称: MS03-012
链接:http://www.microsoft.com/technet/security/bulletin/ms03-012.asp

来源: www.idefense.com
链接:http://www.idefense.com/advisory/04.09.03.txt

来源: BUGTRAQ
名称: 20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104994487012027&w=2

来源: US Government Resource: oval:org.mitre.oval:def:406
名称: oval:org.mitre.oval:def:406
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:406