Friday, 11 November 2011

Microsoft IIS 5.0 indexed directory disclosure vulnerability

Affected systems: Microsoft IIS 5.0
+ Microsoft Windows NT 2000

Description:

If Index Server is enabled in IIS 5.0, a remote user may be able to view the entire root directory structure and all subdirectories, because of a flaw in the WebDAV search implementation. Hidden directories, include files (*.inc) and other documents that are not normally reachable through the site's web interface can be disclosed through this vulnerability.

Successful exploitation of this vulnerability could locate specific files that may contain sensitive information such as user names and passwords.
By default, Index Server is disabled in IIS 5.0, and only directories that have the "Index" attribute set are affected by this vulnerability.

<* Source: David Litchfield *>

Test procedure:

Warning

The following procedure (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!


Send the following request to the server:
SEARCH / HTTP/1.1
Host: target
Content-Type: text/xml
Content-Length: 133

Select "DAV:displayname" from scope()



Recommendation:
Temporary solution:

NSFOCUS recommends that you use the solution provided by Microsoft:
If you are not using Index Server (for example, your site has no content that needs to be searched), disable or uninstall the service. Alternatively, disable the "Index this resource" option on directories that contain sensitive information.

Vendor patch:

Microsoft has published a Knowledge Base article that describes the solution to this problem in detail. The article can be found at the following location:
http://www.microsoft.com/technet/support/kb.asp?ID=272079
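
Because the request in this advisory uses the WebDAV SEARCH method, a server's own logs show whether anyone has sent it. The following is an added example, not part of the original advisory: it scans an IIS W3C extended log for SEARCH requests and groups them by client. The sample log is constructed, and treating status 207 (Multi-Status) as "the server returned results" is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample of an IIS W3C extended log (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2011-11-11 08:00:01 192.0.2.10 GET /default.asp 200
2011-11-11 08:00:05 198.51.100.7 SEARCH / 207
2011-11-11 08:00:09 198.51.100.7 SEARCH /include 207
2011-11-11 08:01:12 203.0.113.4 PROPFIND /docs 207
#Fields: date time c-ip cs-uri-stem cs-method sc-status
2011-11-11 09:10:00 203.0.113.4 / SEARCH 404
"""

def find_search_requests(log_text):
    """Return one dict per logged SEARCH request, honouring each #Fields header."""
    fields, hits = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order can change mid-file when logging is reconfigured.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        if rec.get("cs-method", "").upper() == "SEARCH":
            hits.append(rec)
    return hits

def summarize(hits):
    """Group hits by client IP; 207 is assumed to mean a result set was returned."""
    by_client = defaultdict(lambda: {"answered": [], "other": []})
    for rec in hits:
        bucket = "answered" if rec.get("sc-status") == "207" else "other"
        by_client[rec.get("c-ip", "unknown")][bucket].append(rec.get("cs-uri-stem", "?"))
    return dict(by_client)

if __name__ == "__main__":
    for ip, info in summarize(find_search_requests(SAMPLE_LOG)).items():
        print(ip, "answered:", info["answered"], "other:", info["other"])
```

Clients that appear under "answered" received a response from a server where Index Server handled the query, which is the condition the workaround above removes.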
