Microsoft Windows SMB会话签名漏洞发布时间:2002-12-17 更新时间:2002-12-17 严重程度:低 威胁程度:其它 错误类型:设计错误 利用方式:中间人方式 BUGTRAQ ID:6367 CVE(CAN) ID:CAN-2002-1256 受影响系统 Microsoft Windows 2000 Advanced Server SP3详细描述 Microsoft Windows 2000和XP允许给SMB会话的每个数据包加上数字签名。当两台机器初始化一个SMB会话时会协商是允许、禁止还是要求签名。此功能的协商过程实现上存在漏洞,可能导致出现即使主机要求签名而实际SMB数据包并不签名的情况。这样可能使对于数据包内容的改动不被发现。 解决方案 Microsoft Windows 2000 Professional SP3: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Server SP3: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Advanced Server SP3: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Terminal Services SP3: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Datacenter Server SP3: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Advanced Server SP2: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Datacenter Server SP2: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Professional SP2: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Server SP2: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en Microsoft Windows 2000 Terminal Services SP2: Microsoft Patch Q329170_W2K_SP4_nec98_JA.exe http://microsoft.com/downloads/details.aspx?FamilyId=F4119765-846B-491C-B162-BE06BD432828&displaylang=ja Microsoft Windows 2000 Japanese NEC Microsoft Patch Q329170_W2K_SP4_X86_EN.exe http://microsoft.com/downloads/details.aspx?FamilyId=52EAC216-A360-4E2D-9C6B-AD4D31C40BA2&displaylang=en 相关信息 Microsoft Security Bulletin MS02-070 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-070.asp |
