受影响系统:
Microsoft Exchange Server 2010
Microsoft Exchange Server 2007 SP2
Microsoft Exchange Server 2007 SP1
Microsoft Exchange Server 2003 SP3
Microsoft Exchange Server 2003 SP2
Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2003 SP2
Microsoft Windows 2000 SP4
描述:
Microsoft Windows是微软发布的非常流行的操作系统。
Windows系统中的SMTP服务没有检查从网络所接收到DNS响应的ID字段值是否实际匹配之前所发送DNS查询报文的ID字段值,恶意服务器可以通过返回伪造的查询响应执行中间人等网络欺骗攻击。
微软通过MS10-024公告中所提供的补丁修复了这个漏洞,但并没有在公告中披露这个漏洞。以下代码段显示的是补丁对CAsyncDns::ProcessReadIO所添加的验证代码:
/—–
4FB5517F
4FB5517F loc_4FB5517F:
4FB5517F mov ecx, [esi+34h] <– Transaction ID received from the network
4FB55182 mov dx, [esi+590h] <– Transaction ID set at "4FB55669: mov
[esi+590h], ax"
4FB55189 cmp dx, [ecx]
4FB5518C jz loc_4FB5
– —–/
由于在CAsyncDns::DnsParseMessage之前调用了CAsyncDns::ProcessReadIO,补丁有效的添加了之前所缺失的对DNS响应中ID值的验证。
<*来源:Nicolas Economou
链接:http://marc.info/?l=full-disclosure&m=127301231908763&w=2
http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx?pf=true
*>
建议:
厂商补丁:
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS10-024)以及相应补丁:
MS10-024:Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
链接:http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx?pf=true
0 条评论。