Microsoft ISA Server RADIUS OTP Authentication Bypass Vulnerability (MS09-031)
Published: 2009-07-15
Updated: 2009-07-15
Affected systems:
Microsoft ISA Server 2006 Supportability Update
Microsoft ISA Server 2006 SP1
Microsoft ISA Server 2006
BUGTRAQ ID: 35631
CVE(CAN) ID: CVE-2009-1135
ISA Server is a member of the Microsoft product family that provides an enterprise firewall and a high-performance web cache.
If ISA Server 2006 is configured to use forms-based authentication (FBA) with RADIUS one-time passwords (OTP), the server fails to authenticate a request correctly when the request it receives from the user agent causes ISA to fall back to HTTP Basic authentication. If Kerberos constrained delegation (KCD) is configured, ISA then goes on to authenticate to the published server using KCD. An attacker who knows the user name of an administrative account could exploit this to take complete control of a system that relies on ISA Server 2006 web publishing rules for authentication. The attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
<*Source: David B. Cross
Links: http://secunia.com/advisories/35784/
http://blogs.technet.com/isablog/archive/2009/07/13/ms09-031-isa-server-2006-fba-and-radius-otp-bulletin.aspx
http://www.microsoft.com/technet/security/bulletin/MS09-031.mspx?pf=true
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
*>
Recommendation:
Workaround:
* Run the following VBScript (Microsoft's DisableBasicFallbackForOtp.vbs) on a member of the ISA Server 2006 array:
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script sets whether ISA will disable Basic authentication fallback when
' ISA Forms-Based authentication with RADIUS OTP is being used and the client
' is not known to support Forms-Based authentication.
'
' Usage - to disable Basic authentication fallback when RADIUS OTP
' authentication is being used:
'   cscript DisableBasicFallbackForOtp.vbs
'
' The setting is stored in the vendor parameter sets of the array that
' contains this server, so it applies array-wide.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit

Const SE_VPS_GUID  = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME  = "DisableBasicFallbackForOtp"
Const SE_VPS_VALUE = True

Sub SetValue()
    ' Create the root object.
    Dim root        ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    ' Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array that contains this server
    ' and to its vendor parameter sets collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    ' Look up the vendor parameter set; create it if it does not exist yet.
    Set VendorSet = VendorSets.Item(SE_VPS_GUID)
    If Err.Number <> 0 Then
        Err.Clear
        Set VendorSet = VendorSets.Add(SE_VPS_GUID)
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name
    Else
        WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
    End If

    ' Write the value only if it differs from what is already stored.
    If VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save False, True
            CheckError
            If Err.Number = 0 Then
                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
            End If
        End If
    Else
        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
    End If
End Sub

' Report (and clear) any pending error so the script keeps going.
Sub CheckError()
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
End Sub

SetValue
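The workaround above only changes an array setting; it does not tell you whether a given published listener has stopped offering Basic authentication. The following Python probe is an added example (it is not part of this advisory or of Microsoft's script) that checks the listener from the outside: it requests the published URL once with a browser User-Agent and once with a User-Agent ISA has no reason to recognise, and reports whether the second client is handed a 401 with a Basic challenge (fallback still in effect) or is sent to the logon form like the browser. The URL https://mail.example.test/, the User-Agent strings, and the sample responses are constructed assumptions; so is the premise that an unknown User-Agent is enough to make ISA treat the client as one not known to support forms-based authentication.

```python
"""Check whether a published ISA Server 2006 listener still offers HTTP Basic
authentication to a client that does not look form-capable (MS09-031).

Added example, not part of the advisory or of Microsoft's script. The URL,
User-Agent strings and sample responses below are constructed assumptions.
"""
import re
import urllib.error
import urllib.request

BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"  # assumed browser UA
NON_BROWSER_UA = "ms09-031-check/1.0"   # hypothetical UA, deliberately unknown to ISA

# Constructed sample responses (not captured from a real listener).
SAMPLE_BASIC_CHALLENGE = (401, {"WWW-Authenticate": 'Basic realm="mail.example.test"'})
SAMPLE_FORM_REDIRECT = (302, {"Location": "/logon.html?target=%2F"})
SAMPLE_NEGOTIATE_ONLY = (401, {"WWW-Authenticate": "Negotiate, NTLM"})


def auth_schemes(headers):
    """Return the lower-cased scheme names from all WWW-Authenticate headers.

    Accepts a plain dict (offline samples) or an http.client.HTTPMessage
    (live probe), which may carry the header several times.
    """
    if hasattr(headers, "get_all"):
        values = headers.get_all("WWW-Authenticate") or []
    else:
        values = [headers.get("WWW-Authenticate", "")]
    schemes = set()
    for value in values:
        # Each comma-separated challenge starts with its scheme token;
        # fragments produced by commas inside a quoted realm are not tokens.
        for challenge in value.split(","):
            token = challenge.strip().split(" ", 1)[0]
            if re.fullmatch(r"[A-Za-z][A-Za-z0-9._-]*", token):
                schemes.add(token.lower())
    return schemes


def classify_challenge(status, headers):
    """Classify one response from the listener.

    'basic-fallback'     -> 401 offering Basic: the fallback is still on
    'challenge-no-basic' -> 401 without Basic (e.g. Negotiate/NTLM only)
    'redirect'           -> 3xx, typically to the logon form
    'other'              -> anything else (200 etc.)
    """
    if status == 401:
        return "basic-fallback" if "basic" in auth_schemes(headers) else "challenge-no-basic"
    if status in (301, 302, 303, 307):
        return "redirect"
    return "other"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them to the form."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, user_agent, timeout=10):
    """Send one unauthenticated GET and classify the listener's answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify_challenge(resp.status, resp.headers)
    except urllib.error.HTTPError as err:       # 3xx/4xx land here
        return classify_challenge(err.code, err.headers)


def check_listener(url):
    """Probe the listener as a browser and as a non-browser client."""
    return {"browser": probe(url, BROWSER_UA), "non_browser": probe(url, NON_BROWSER_UA)}


def fallback_still_offered(results):
    """True when the non-browser client is offered Basic auth, i.e. the
    DisableBasicFallbackForOtp setting is not in effect on this listener."""
    return results.get("non_browser") == "basic-fallback"


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    samples = {"basic challenge": SAMPLE_BASIC_CHALLENGE,
               "form redirect": SAMPLE_FORM_REDIRECT,
               "negotiate only": SAMPLE_NEGOTIATE_ONLY}
    for name, (status, headers) in samples.items():
        print(f"{name:16s} -> {classify_challenge(status, headers)}")
    # Live use against the assumed published URL:
    # print(check_listener("https://mail.example.test/"))
```

Run it once before and once after applying the script: on a listener that uses FBA with RADIUS OTP, the non-browser result should move from basic-fallback to redirect (or challenge-no-basic if another scheme is enabled). A listener that is not configured for FBA with RADIUS OTP is outside the scope of both the vulnerability and the workaround, so a Basic challenge there is not by itself a finding.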
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS09-031) and the corresponding patch:
MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Link: http://www.microsoft.com/technet/security/bulletin/MS09-031.mspx?pf=true
