Microsoft DCOM RPC内存泄露远程拒绝服务漏洞(MS04-012)

漏洞信息详情

Microsoft DCOM RPC内存泄露远程拒绝服务漏洞(MS04-012)

• CNNVD编号：CNNVD-200406-028
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0116
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2004-04-13
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  eEye info@eEye.com

Remote Procedure Call (RPC)是Windows 操作系统使用的一种远程过程调用协议，RPC提供进程间交互通信机制，允许在某台计算机上运行程序的无缝地在远程系统上执行代码。协议本身源自开放软件基金会的RPC协议，Microsoft在其基础上增加了自己的一些扩展。
RPCSS模块中的处理部分畸形消息存在问题，远程攻击者可以利用这个漏洞对RPC服务进行拒绝服务攻击。
在DCOM激活请求传递给RPCSS.DLL函数后，类中处理会分配请求包长度字段指定的大小，由于DWORD长度字段在分配前没有任何验证。客户端发送激活请求包含任意长度大小，可造成系统异常而使服务崩溃，产生拒绝服务。

临时解决方法：
如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 使用防火墙对UDP端口135, 137, 138, 和445, 和TCP ports端口135, 139, 445, 和593进行过滤。
厂商补丁：
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS04-012)以及相应补丁:

MS04-012：Cumulative Update for Microsoft RPC/DCOM (828741)

链接：http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx

补丁下载：

Microsoft Windows NT? Workstation 4.0 Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=4ACB5BD6-A0BF-40BC-8955-D833923642EF&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=4ACB5BD6-A0BF-40BC-8955-D833923642EF&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=D4F2AD32-FE74-4DA1-AEAE-80897AC86720&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=D4F2AD32-FE74-4DA1-AEAE-80897AC86720&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=5B29E35D-E5DA-4486-B7EB-D54C7398142C&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=5B29E35D-E5DA-4486-B7EB-D54C7398142C&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=FBD38C36-D1D3-47A2-A5D5-6C8F27FDCC40&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=FBD38C36-D1D3-47A2-A5D5-6C8F27FDCC40&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=D488BBBB-DA77-448D-8FF0-0A649A0D8FC3&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=D488BBBB-DA77-448D-8FF0-0A649A0D8FC3&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=4C3ED21D-FF40-4C9D-99DD-1632E43C1645&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C3ED21D-FF40-4C9D-99DD-1632E43C1645&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=75A08528-5E99-4BE0-8E97-F1C9789611EB&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=75A08528-5E99-4BE0-8E97-F1C9789611EB&displaylang=en

Microsoft Windows Server? 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=07317CE9-520D-4574-B575-5FB85DA9A4D7&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=07317CE9-520D-4574-B575-5FB85DA9A4D7&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=75A08528-5E99-4BE0-8E97-F1C9789611EB&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=75A08528-5E99-4BE0-8E97-F1C9789611EB&displaylang=en

来源:US-CERT Vulnerability Note: VU#417052
名称: VU#417052
链接:http://www.kb.cert.org/vuls/id/417052

来源:US-CERT Technical Alert: TA04-104A
名称: TA04-104A
链接:http://www.us-cert.gov/cas/techalerts/TA04-104A.html

来源: EEYE
名称: AD20040413A
链接:http://www.eeye.com/html/Research/Advisories/AD20040413A.html

来源: MS
名称: MS04-012
链接:http://www.microsoft.com/technet/security/bulletin/ms04-012.asp

来源: XF
名称: win-rpcss-rpcmessage-dos(15708)
链接:http://xforce.iss.net/xforce/xfdb/15708

来源: BID
名称: 10127
链接:http://www.securityfocus.com/bid/10127

来源: CIAC
名称: O-115
链接:http://www.ciac.org/ciac/bulletins/o-115.shtml

来源: SECTRACK
名称: 1009758
链接:http://securitytracker.com/alerts/2004/Apr/1009758.html

来源: SECUNIA
名称: 11065
链接:http://secunia.com/advisories/11065/

来源: US Government Resource: oval:org.mitre.oval:def:958
名称: oval:org.mitre.oval:def:958
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:958

来源: US Government Resource: oval:org.mitre.oval:def:957
名称: oval:org.mitre.oval:def:957
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:957

来源: US Government Resource: oval:org.mitre.oval:def:955
名称: oval:org.mitre.oval:def:955
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:955