NSFOCUS Security Monthly -> Issue 46 -> Latest Vulnerabilities
ISS RealSecure/BlackICE Protocol Analysis Module SMB Parsing Heap Overflow Vulnerability

Date: 2004-03-05

Published: 2004-02-26
Updated: 2004-03-02

Affected systems:
ISS RealSecure Network Sensor 7.0 XPU 22.9
ISS RealSecure Network Sensor 7.0 XPU 20.15
ISS RealSecure Server Sensor 7.0 XPU 22.9
ISS RealSecure Server Sensor 7.0 XPU 20.19
ISS RealSecure Server Sensor 7.0 XPU 20.18
ISS RealSecure Server Sensor 7.0 XPU 20.16
ISS RealSecure Desktop 7.0 ebh
ISS RealSecure Desktop 7.0 ebg
ISS RealSecure Desktop 7.0 eba
ISS RealSecure Desktop 3.6 ecb
ISS RealSecure Desktop 3.6 eca
ISS RealSecure Desktop 3.6 ebr
ISS BlackICE PC Protection 3.6 ccb
ISS BlackICE PC Protection 3.6 cbz
ISS BlackICE PC Protection 3.6 cbr
ISS Proventia A Series XPU 22.9
ISS Proventia A Series XPU 20.15
ISS Proventia G Series XPU 22.9
ISS Proventia G Series XPU 22.3
ISS Proventia M Series XPU 1.7
ISS Proventia M Series XPU 1.3
ISS RealSecure Guard 3.6 ecb
ISS RealSecure Guard 3.6 ebr
ISS RealSecure Sentry 3.6 ecb
ISS RealSecure Sentry 3.6 ebr
Unaffected systems:
ISS RealSecure Network Sensor 7.0 XPU 22.10
ISS RealSecure Server Sensor 7.0 XPU 22.10
ISS RealSecure Desktop 7.0 ebj
ISS RealSecure Desktop 3.6 ecd
ISS BlackICE PC Protection 3.6 ccd
ISS Proventia A Series XPU 22.10
ISS Proventia G Series XPU 22.10
ISS Proventia M Series XPU 1.8
ISS RealSecure Guard 3.6 ecd
ISS RealSecure Sentry 3.6 ecd
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 9752

RealSecure and BlackICE are host-based intrusion detection/prevention systems from ISS. These products identify and block network attacks and intrusions.

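The Protocol Analysis Module used by RealSecure and BlackICE lacks sufficient buffer bounds checking when processing the SMB protocol. A remote attacker can exploit this vulnerability to cause a buffer overflow and possibly execute arbitrary code on the host with SYSTEM privileges.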

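The Protocol Analysis Module (PAM) parses network protocols so that further analysis and attack detection can be performed. One of the supported protocols is SMB, which gives clients a mechanism for remote access to resources such as files, printers and named pipes.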

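Because PAM's parsing of SMB "Setup AndX" requests lacks sufficient bounds checking, a remote attacker who submits an SMB "Setup AndX" request whose AccountName parameter contains a string of more than 300 bytes can trigger a heap-based overflow. In some products, however, heap protection detects this memory corruption and restarts the PAM component to clean up the heap.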
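The missing check described above, as an added example that is not ISS code or part of the original advisory: a length-validated copy of the AccountName field into a fixed heap buffer. The names `smb_session`, `parse_account_name` and `demo`, the 256-byte capacity, and the single-byte NUL-terminated string layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed capacity: the real PAM buffer size is not given in the advisory. */
#define ACCOUNT_NAME_MAX 256

/* Hypothetical per-connection parser state. */
struct smb_session {
    char *account_name;            /* heap buffer, ACCOUNT_NAME_MAX bytes */
};

/* Unsafe pattern, shown only for contrast: the copy length is chosen by
 * the sender, so a long AccountName writes past the heap buffer.
 *     strcpy(s->account_name, (const char *)data + off);
 */

/* Copy the NUL-terminated AccountName that starts at data[off].
 * byte_count is the size of the request's data area.
 * Returns 0 on success, -1 if the field is truncated, unterminated or too long. */
int parse_account_name(struct smb_session *s, const unsigned char *data,
                       size_t byte_count, size_t off)
{
    if (off >= byte_count)
        return -1;                               /* field starts outside the packet */
    const unsigned char *start = data + off;
    const unsigned char *nul = memchr(start, 0, byte_count - off);
    if (nul == NULL)
        return -1;                               /* no terminator inside the packet */
    size_t len = (size_t)(nul - start);
    if (len >= ACCOUNT_NAME_MAX)
        return -1;                               /* would not fit with its NUL */
    memcpy(s->account_name, start, len + 1);
    return 0;
}

/* Run the parser on a constructed data area holding name_len 'A' bytes. */
int demo(size_t name_len, int terminated)
{
    unsigned char data[512];
    struct smb_session s;
    if (name_len >= sizeof data || !(s.account_name = malloc(ACCOUNT_NAME_MAX)))
        return -2;
    memset(data, 'A', name_len);
    data[name_len] = 0;
    int rc = parse_account_name(&s, data, terminated ? name_len + 1 : name_len, 0);
    if (rc == 0 && strlen(s.account_name) != name_len)
        rc = -3;
    free(s.account_name);
    return rc;
}
```

Rejecting the oversized field rather than truncating it also gives a sensor a clean point at which to raise an alert on the request.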

SMB parsing in PAM is stateful, so the overflow can only be triggered over a real SMB connection established via TCP/IP with a server on the network.

<*Source: eEye
  
  Links: http://www.eeye.com/html/Research/Advisories/AD20040226.html
         http://xforce.iss.net/xforce/alerts/id/165
*>

Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

ISS
---
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:

Internet Security Systems Proventia A Series XPU 22.9:

Internet Security Systems Upgrade Proventia A Series, XPU 22.10
http://www.iss.net/download

Internet Security Systems Proventia G Series XPU 22.9:

Internet Security Systems Upgrade Proventia G Series, XPU 22.10
http://www.iss.net/download

Internet Security Systems Proventia G Series XPU 22.3:

Internet Security Systems Upgrade Proventia G Series, XPU 22.10
http://www.iss.net/download

Internet Security Systems Proventia A Series XPU 20.15:

Internet Security Systems Upgrade Proventia A Series, XPU 22.10
http://www.iss.net/download

Internet Security Systems Proventia M Series XPU 1.7:

Internet Security Systems Upgrade Proventia M Series, XPU 1.8
http://www.iss.net/download

Internet Security Systems Proventia M Series XPU 1.3:

Internet Security Systems Upgrade Proventia M Series, XPU 1.8
http://www.iss.net/download

Internet Security Systems RealSecure Desktop 3.6 ecb:

Internet Security Systems Upgrade RealSecure Desktop 3.6 ecd
http://www.iss.net/download

Internet Security Systems RealSecure Desktop 3.6 eca:

Internet Security Systems Upgrade RealSecure Desktop 3.6 ecd
http://www.iss.net/download

Internet Security Systems RealSecure Desktop 3.6 ebr:

Internet Security Systems Upgrade RealSecure Desktop 3.6 ecd
http://www.iss.net/download

Internet Security Systems BlackIce Server Protection 3.6 ccb:

Internet Security Systems Upgrade BlackICE Server Protection 3.6 ccd
http://www.iss.net/download

Internet Security Systems BlackICE PC Protection 3.6 ccb:

Internet Security Systems Upgrade BlackICE PC Protection 3.6 ccd
http://www.iss.net/download

Internet Security Systems BlackIce Server Protection 3.6 cbz:

Internet Security Systems Upgrade BlackICE Server Protection 3.6 ccd
http://www.iss.net/download

Internet Security Systems BlackICE PC Protection 3.6 cbr:

Internet Security Systems Upgrade BlackICE PC Protection 3.6 ccd
http://www.iss.net/download

Internet Security Systems BlackIce Server Protection 3.6 cbr:

Internet Security Systems Upgrade BlackICE Server Protection 3.6 ccd
http://www.iss.net/download

Internet Security Systems BlackICE PC Protection 3.6 .cbz:

Internet Security Systems Upgrade BlackICE PC Protection 3.6 ccd
http://www.iss.net/download

Internet Security Systems RealSecure Guard 3.6 ecb:

Internet Security Systems Upgrade RealSecure Guard 3.6 ecd
http://www.iss.net/download

Internet Security Systems RealSecure Sentry 3.6 ecb:

Internet Security Systems Upgrade RealSecure Sentry 3.6 ecd
http://www.iss.net/download

Internet Security Systems RealSecure Sentry 3.6 ebr:

Internet Security Systems Upgrade RealSecure Sentry 3.6 ecd
http://www.iss.net/download

Internet Security Systems RealSecure Guard 3.6 ebr:

Internet Security Systems Upgrade RealSecure Guard 3.6 ecd
http://www.iss.net/download

Internet Security Systems RealSecure Desktop 7.0 ebh:

Internet Security Systems Upgrade RealSecure Desktop 7.0 ebj
http://www.iss.net/download

Internet Security Systems RealSecure Desktop 7.0 ebg:

Internet Security Systems Upgrade RealSecure Desktop 7.0 ebj
http://www.iss.net/download

Internet Security Systems RealSecure Desktop 7.0 eba:

Internet Security Systems Upgrade RealSecure Desktop 7.0 ebj
http://www.iss.net/download

Internet Security Systems RealSecure Network Sensor 7.0 XPU 22.9:

Internet Security Systems Upgrade RealSecure Network 7.0, XPU 22.10
http://www.iss.net/download

Internet Security Systems RealSecure Server Sensor 7.0 XPU 22.9:

Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
http://www.iss.net/download

Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.19:

Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
http://www.iss.net/download

Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.18:

Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
http://www.iss.net/download

Internet Security Systems RealSecure Server Sensor 7.0 XPU 20.16:

Internet Security Systems Upgrade RealSecure Server Sensor 7.0, XPU 22.1
http://www.iss.net/download

Internet Security Systems RealSecure Network Sensor 7.0 XPU 20.15:

Internet Security Systems Upgrade RealSecure Network 7.0, XPU 22.10
http://www.iss.net/download