|
|
多个Symantec HTTP代理服务器存在拒绝服务攻击
发布时间:2002-10-19
更新时间:2002-10-19
严重程度:中
威胁程度:远程拒绝服务
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:5958
受影响系统Symantec Enterprise Firewall 6.5.2 NT/2000
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 2000 Workstation SP3
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
Symantec Enterprise Firewall 7.0 Solaris
- Sun Solaris 2.6
- Sun Solaris 7.0
Symantec Enterprise Firewall 7.0 NT/2000
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
Symantec Gateway Security 5110
Symantec Gateway Security 5200
Symantec Gateway Security 5300
Symantec Raptor Firewall 6.5 Windows NT
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
Symantec Raptor Firewall 6.5.3 Solaris
- Sun Solaris 2.6
- Sun Solaris 7.0
Symantec VelociRaptor 1000
Symantec VelociRaptor 1100
Symantec VelociRaptor 1200
Symantec VelociRaptor 1300
Symantec VelociRaptor 500
Symantec VelociRaptor 700 详细描述
Raptor Firewall, Symantec Enterprise Firewall, VelociRaptor和Symantec Gateway Security系列中包含"Simple, Secure Webserver" HTTP代理。
攻击者通过从外网连接代理服务器,发送CONNECT命令到有问题的DNS服务器,代理服务器就会连接DNS服务器知道超时,这段时间没有进行FORK操作,因此多种此类请求可导致丢弃所有正常客户端请求。
测试代码
无
解决方案
关闭"Simple Secure Webserver"组件。
相关信息
参考:http://online.securityfocus.com/archive/1/295152
|
