Microsoft Windows 2000 DCOM RPC接口拒绝服务及权限提升漏洞(MS03-039)

漏洞信息详情

Microsoft Windows 2000 DCOM RPC接口拒绝服务及权限提升漏洞(MS03-039)

• CNNVD编号：CNNVD-200308-204
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-0605
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2003-07-22
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2019-05-05
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  benjurry※ benjurry…

Remote Procedure Call (RPC)是Windows操作系统使用的一种远程过程调用协议，RPC提供进程间交互通信机制，允许在某台计算机上运行程序无缝的在远程系统上执行代码。协议本身源自OSF RPC协议，但增加了Microsoft特定的扩展。MS RPC在处理畸形消息时存在问题，远程攻击者可以利用这个漏洞进行拒绝服务攻击，在RPC服务崩溃后，可用来权限提升攻击。攻击者发送畸形消息给DCOM __RemoteGetClassObject接口，RPC服务就会崩溃，所有依靠RPC服务的应用程序和服务就会变的不正常。如果攻击者拥有合法帐户，在RPC服务崩溃后他还可以劫持管道和135端口进行权限提升攻击。

临时解决方法：

Microsoft已经为此发布了一个安全公告(MS03-039)以及相应补丁:

MS03-039：Buffer Overrun In RPCSS Service Could Allow Code Execution(824146)

链接：
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp” target=”_blank”>

http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

补丁下载：

Windows NT Workstation 4.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EABAD74-9CA9-48F4-8DB5-CF8C188879DA&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EABAD74-9CA9-48F4-8DB5-CF8C188879DA&displaylang=zh-cn

Windows NT Server 4.0：

http://www.microsoft.com/downloads/details.aspx?FamilyId=71B6135C-F957-4702-B376-2DACCE773DC0&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=71B6135C-F957-4702-B376-2DACCE773DC0&displaylang=zh-cn

Windows NT Server 4.0, Terminal Server Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=677229F8-FBBF-4FF4-A2E9-506D17BB883F” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=677229F8-FBBF-4FF4-A2E9-506D17BB883F

Windows 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=zh-cn

Windows XP:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=zh-cn

Windows XP 64 bit Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=50E4FB51-4E15-4A34-9DC3-7053EC206D65” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=50E4FB51-4E15-4A34-9DC3-7053EC206D65

Windows XP 64 bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B

Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=51184D09-4F7E-4F7B-87A4-C208E9BA4787&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=51184D09-4F7E-4F7B-87A4-C208E9BA4787&displaylang=zh-cn

Windows Server 2003 64 bit Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B

厂商补丁：

Microsoft

———

Microsoft已经为此发布了一个安全公告(MS03-039)以及相应补丁:

MS03-039：Buffer Overrun In RPCSS Service Could Allow Code Execution(824146)

链接：
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp” target=”_blank”>

http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

补丁下载：

Windows NT Workstation 4.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EABAD74-9CA9-48F4-8DB5-CF8C188879DA&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=7EABAD74-9CA9-48F4-8DB5-CF8C188879DA&displaylang=zh-cn

Windows NT Server 4.0：

http://www.microsoft.com/downloads/details.aspx?FamilyId=71B6135C-F957-4702-B376-2DACCE773DC0&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=71B6135C-F957-4702-B376-2DACCE773DC0&displaylang=zh-cn

Windows NT Server 4.0, Terminal Server Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=677229F8-FBBF-4FF4-A2E9-506D17BB883F” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=677229F8-FBBF-4FF4-A2E9-506D17BB883F

Windows 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8B94-817EA8485DD1&displaylang=zh-cn

Windows XP:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=zh-cn

Windows XP 64 bit Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=50E4FB51-4E15-4A34-9DC3-7053EC206D65” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=50E4FB51-4E15-4A34-9DC3-7053EC206D65

Windows XP 64 bit Edition Version 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B

Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=51184D09-4F7E-4F7B-87A4-C208E9BA4787&displaylang=zh-cn” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=51184D09-4F7E-4F7B-87A4-C208E9BA4787&displaylang=zh-cn

Windows Server 2003 64 bit Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AB25B3-E387-441F-9B6D-84106F66059B

对于Windows 2000用户，我们建议您安装完Windows 2000 SP4之后再安装上述补丁:

http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/download.asp” target=”_blank”>

http://www.microsoft.com/Windows2000/downloads/servicepacks/sp4/download.asp

对于Windows NT 4.0用户，我们建议您安装完SP6a之后再安装上述补丁:

http://www.microsoft.com/NTServer/nts/downloads/recommended/SP6/allsp6.asp” target=”_blank”>

http://www.microsoft.com/NTServer/nts/downloads/recommended/SP6/allsp6.asp

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A494

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/326746

来源:FULLDISC

链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006851.html

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1118

来源:CERT

链接:http://www.cert.org/advisories/CA-2003-23.html

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=105880332428706&w=2

来源:CERT

链接:http://www.cert.org/advisories/CA-2003-19.html