Windows SMB客户端Transaction响应处理漏洞

漏洞信息详情

Windows SMB客户端Transaction响应处理漏洞

• CNNVD编号：CNNVD-200505-518
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2005-0045
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2005-02-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Yuji Ukai at eEyeD…

Windows SMB客户端在处理SMB响应时存在一个缓冲区溢出漏洞。恶意的SMB服务器可以利用这个漏洞在连接该服务器的SMB客户端主机上执行任意命令。

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Microsoft Windows XP Media Center Edition SP2

Microsoft Security Update for Windows XP (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=6DF9B2D9-B86E -4924-B677-978EC6B81B54&displaylang=en

Microsoft Windows XP Tablet PC Edition SP1

Microsoft Security Update for Windows XP (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=6DF9B2D9-B86E -4924-B677-978EC6B81B54&displaylang=en

Microsoft Windows XP Tablet PC Edition SP2

Microsoft Security Update for Windows XP (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=6DF9B2D9-B86E -4924-B677-978EC6B81B54&displaylang=en

Microsoft Windows XP Media Center Edition SP1

Microsoft Security Update for Windows XP (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=6DF9B2D9-B86E -4924-B677-978EC6B81B54&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

Microsoft Security Update for Windows Server 2003 64-bit Edition and Windows XP 64-bit Edition, Version 2003 (

http://www.microsoft.com/downloads/details.aspx?familyid=8DA45DD0-882E -417C-A7F2-4AABAD675129&displaylang=en

Microsoft Windows Server 2003 Standard Edition

Microsoft Security Update for Windows Server 2003 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=1B703115-54C0 -445C-B5CE-E9A53C45B36A&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

Microsoft Security Update for Windows Server 2003 64-bit Edition and Windows XP 64-bit Edition, Version 2003 (

http://www.microsoft.com/downloads/details.aspx?familyid=8DA45DD0-882E -417C-A7F2-4AABAD675129&displaylang=en

Microsoft Windows XP 64-bit Edition SP1

Microsoft Security Update for Windows XP 64-bit Edition (KB885250)

Microsoft reports that this fix may be applied to Windows XP 64-bit Edition. No specific service packs were mentioned in the supported operating system text but Windows XP 64-bit Edition Service Pack 1 was mentioned as the affected software.

http://www.microsoft.com/downloads/details.aspx?familyid=E5043926-0B79 -489B-8EA1-85512828C6F4&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Security Update for Windows Server 2003 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=1B703115-54C0 -445C-B5CE-E9A53C45B36A&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

Microsoft Security Update for Windows 2000 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=656BDDA5-672B -4A6B-B192-24A2171C7355&displaylang=en

Microsoft Windows 2000 Professional SP3

Microsoft Security Update for Windows 2000 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=656BDDA5-672B -4A6B-B192-24A2171C7355&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Security Update for Windows Server 2003 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=1B703115-54C0 -445C-B5CE-E9A53C45B36A&displaylang=en

Microsoft Windows XP Home SP2

Microsoft Security Update for Windows XP (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=6DF9B2D9-B86E -4924-B677-978EC6B81B54&displaylang=en

Microsoft Windows Server 2003 Web Edition

Microsoft Security Update for Windows Server 2003 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=1B703115-54C0 -445C-B5CE-E9A53C45B36A&displaylang=en

Microsoft Windows 2000 Advanced Server SP3

Microsoft Security Update for Windows 2000 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=656BDDA5-672B -4A6B-B192-24A2171C7355&displaylang=en

Microsoft Windows XP Home SP1

Microsoft Security Update for Windows XP (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=6DF9B2D9-B86E -4924-B677-978EC6B81B54&displaylang=en

Microsoft Windows 2000 Server SP3

Microsoft Security Update for Windows 2000 (KB885250)

http://www.microsoft.com/downloads/details.aspx?familyid=656BDDA5-672B -4A6B-B192-24A2171C7355&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003

Micros

来源: US-CERT

名称: TA05-039A

链接:http://www.us-cert.gov/cas/techalerts/TA05-039A.html

来源:US-CERT

名称: VU#652537

链接:http://www.kb.cert.org/vuls/id/652537

来源: XF

名称: win-smb-code-execution(19089)

链接:http://xforce.iss.net/xforce/xfdb/19089

来源: MS

名称: MS05-011

链接:http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx

来源: NTBUGTRAQ

名称: 20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=110795643831169&w=2

来源: BUGTRAQ

名称: 20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

链接:http://marc.theaimsgroup.com/?l=bugtraq&m=111040962600205&w=2

来源: BUGTRAQ

名称: 20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110792638401852&w=2

来源: BID

名称: 12484

链接:http://www.securityfocus.com/bid/12484

来源: US Government Resource: oval:org.mitre.oval:def:4043

名称: oval:org.mitre.oval:def:4043

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4043

来源: US Government Resource: oval:org.mitre.oval:def:1889

名称: oval:org.mitre.oval:def:1889

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1889

来源: US Government Resource: oval:org.mitre.oval:def:1847

名称: oval:org.mitre.oval:def:1847

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1847

来源: US Government Resource: oval:org.mitre.oval:def:1606

名称: oval:org.mitre.oval:def:1606

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1606