
Friday, 11 November 2011

Major security vulnerability in IIS

On May 15, Microsoft (Japan) disclosed a security vulnerability in "Internet Information Server 4.0/Services 5.0" (hereinafter IIS). It is a very serious flaw, because it puts an IIS server at risk of executing any OS command. When a request containing an OS command arranged in a particular combination of characters is sent to IIS, IIS passes the command to "CMD.EXE" (the command interpreter) in the system folder (for example "winnt\system32"), and CMD.EXE executes it on the server.
Along with the vulnerability information, the company also released a Japanese-language version of the patch. Notably, the patch includes the contents of all previous patches (for IIS 4.0, those released after Windows NT 4.0 Service Pack 5). As a result, it fixes not only the vulnerability announced this time but all previously disclosed IIS security vulnerabilities as well. System administrators must apply this patch as soon as possible.

IIS server may execute any OS command

This vulnerability is as serious as "(MS00-086) Countermeasure for the 'Web Server File Request Parsing' vulnerability", about which warnings were issued repeatedly in the past. The attack method and the impact of an attack are also almost identical.
Normally, a request to IIS for access to anything outside the published folders (such as the system folder) is rejected when it is checked. With this vulnerability, however, some requests can slip past the check by manipulating how their characters are arranged. IIS then does not judge such a request to be a request for CMD.EXE in the system folder; it judges it to be a "legitimate" request for a server-side executable (such as a CGI script) in the scripts folder and goes on to process it.
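
The ordering problem described above, as an added example that is not part of the original article and is not IIS code. It assumes the "particular arrangement of characters" is layered percent-encoding, which the article does not state; the function names and sample paths are constructed for illustration.

```python
# Added illustration (not IIS code): validate a request path only after it has
# been fully decoded and normalised, so the check and the later use agree.
import posixpath
from urllib.parse import unquote

PUBLISHED = "/scripts"  # assumed virtual directory, named after the article's scripts folder

def canonical(path: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, then normalise it."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many encoding layers")
    path = path.replace("\\", "/")  # Windows accepts both separators
    return posixpath.normpath("/" + path.lstrip("/"))

def inside_published(path: str) -> bool:
    return path == PUBLISHED or path.startswith(PUBLISHED + "/")

def naive_allows(raw: str) -> bool:
    """Flawed order: decode once, check, and let a later stage decode again."""
    once = unquote(raw).replace("\\", "/")
    return ".." not in once and inside_published(once)

def strict_allows(raw: str) -> bool:
    """Hardened order: canonicalise completely, then check containment."""
    try:
        return inside_published(canonical(raw))
    except ValueError:
        return False

# Constructed sample request paths (not taken from the article).
SAMPLES = [
    "/scripts/report.cgi",
    "/scripts/../winnt/system32/cmd.exe",
    "/scripts/%252e%252e/winnt/system32/cmd.exe",
]

def compare():
    return [(s, naive_allows(s), strict_allows(s)) for s in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The third sample passes the naive check because the traversal only appears after a second decoding step; the strict check rejects it because containment is tested on the final form of the path.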
At that point, the attacker can access files that are able to execute commands, with the privileges of the built-in Windows NT/2000 account "IUSR_<machine name>". This is the account that users accessing IIS need in order to browse the Web. This does not, of course, hand over Administrator privileges, which allow every operation.
Even so, the "IUSR_<machine name>" privileges are normally enough to 1) delete or modify files on the server, 2) upload and execute arbitrary files, and 3) format the hard disk, among other operations. Moreover, if the attacker maliciously uses the "IUSR_<machine name>" privileges to press the attack further, there is a danger that Administrator privileges will be taken as well.
Microsoft (Japan) also disclosed two other types of security vulnerability at the same time. Both concern the IIS FTP service: 1) entering a specific command can make IIS bring the server down; 2) the Guest account of the FTP service can easily be guessed. Because these vulnerabilities do not allow arbitrary malicious commands to be executed, their impact is less serious than that of the vulnerability described above. Applying the patch released this time fixes these vulnerabilities as well.

Fixes all past vulnerabilities, but overconfidence is unwise

The patch Microsoft released corrects not only the vulnerabilities disclosed this time but also the problems addressed by previously released patches (MS00-060, MS01-014, MS01-016). Unlike an ordinary patch, it also includes 1) for IIS 4.0, the IIS-related security patches released after Windows NT 4.0 Service Pack 5, and 2) for IIS 5.0, all IIS security patches released to date.
However, overconfidence is unwise, because even with this patch applied the system's weaknesses are not completely eliminated. As Microsoft states in its published information, some security vulnerabilities (MS00-028, MS00-025, MS99-025, MS99-013) cannot be closed unless the system administrator changes settings. Particular attention must be paid to MS99-025, the "MDAC (Microsoft Data Access Components) vulnerability". Administrators should also make the necessary settings by consulting the "Internet Information Server 4.0 Security Checklist" and the "Internet Information Services 5 Security Checklist".
This patch covers IIS only. Be aware that it does not fix security vulnerabilities in "Front Page Server Extensions", "Index Server" and similar components (MS01-025, MS00-084, MS00-006).
In addition, the IIS 4.0 patch applies to Windows NT 4.0 Service Pack 5 and 6a, and the IIS 5.0 patch applies to Windows 2000 or Windows 2000 Service Pack 1.

Appendix:

A large number of HTTP requests causes IIS to shut down

Author: Adam   Source: ChinaAsp
If your site runs on NT and you use IIS,

have you ever run into a situation like this?

A malicious attacker keeps sending HTTP request headers from a form; a large amount of your server's memory is consumed and CPU usage reaches 100%,

causing your IIS service to hang, or even rebooting the machine.

Microsoft has released a patch; take a look if you are interested...

x86 version:
http://www.securityfocus.com/external/ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/hdbrk-fix/x86
Alpha version:
http://www.securityfocus.com/external/ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/hdbrk-fix/alpha
