Microsoft Windows 2000 IIS 5.0 .printer ISAPI Extension Remote Buffer Overflow Vulnerability (MS01-023)

Vulnerability ID: 1106325    Vulnerability type: Unknown
Published: 2001-05-01    Updated: 2005-05-02
CVE ID: CVE-2001-0241
CNNVD ID: CNNVD-200106-123
Platform: Windows    CVSS score: 10.0
|Sources
https://www.exploit-db.com/exploits/20818
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-123
|Vulnerability details
The Internet Printing ISAPI extension in Microsoft Windows 2000 IIS 5.0 maps the .printer file extension to msw3prt.dll, and this mapping is present by default. The interface allows printers to be driven remotely over the web. msw3prt.dll, which services the .printer mapping, contains a buffer overflow; a remote attacker can exploit it to execute arbitrary instructions on the host with LocalSystem privileges. When a remote user submits a URL request for a .printer resource, IIS 5.0 invokes msw3prt.dll to interpret the request. Because msw3prt.dll performs no bounds checking on the buffer, a remote user can submit a specially crafted .printer URL request whose "Host:" field contains approximately 420 bytes of data, at which point a classic buffer overflow occurs inside msw3prt.dll, potentially allowing arbitrary instructions to be executed. After the overflow the web service stops responding; Windows 2000 detects that the web service has stopped responding and restarts it automatically, so the system administrator is unlikely to realise that an attack has taken place.
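The detail above gives a defender two concrete signals: the request targets a .printer resource, and its Host header is far longer than any legitimate hostname (the advisory puts the overflow at roughly 420 bytes). The following Python is an added illustration, not code from this advisory or from Microsoft: it parses raw HTTP/1.x requests and flags .printer requests with an oversized Host header, the kind of check a reverse proxy, IDS rule or log-replay script could apply. The request samples are constructed for the example, and the 256-byte alert threshold is an assumption chosen to sit above the 253-character DNS hostname limit and well below the 420 bytes described on the page.

```python
import re
from typing import Optional, List

# Assumed threshold: a legitimate Host header cannot exceed the 253-character
# DNS limit (plus an optional port), so anything past 256 bytes is anomalous and
# comfortably below the ~420 bytes the advisory describes.
HOST_LEN_ALERT = 256


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers of a raw HTTP/1.x request.

    Assumes a well-formed request head terminated by a blank line; header
    names are lower-cased so lookups are case-insensitive.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version, "headers": headers}


def is_printer_request(target: str) -> bool:
    """True when the request path (query string ignored) ends in .printer."""
    path = target.split("?", 1)[0]
    return path.lower().endswith(".printer")


def classify(raw: bytes) -> Optional[str]:
    """Return an ALERT/INFO string for .printer requests, None for anything else."""
    req = parse_request(raw)
    if not is_printer_request(req["target"]):
        return None
    host = req["headers"].get("host", "")
    if len(host) >= HOST_LEN_ALERT:
        return f"ALERT: .printer request with {len(host)}-byte Host header"
    # Even a benign hit is worth logging: the mapping should be removed
    # wherever Internet Printing is not in use.
    return "INFO: .printer request (consider removing the .printer mapping)"


def scan(requests: List[bytes]) -> List[str]:
    """Run classify() over a batch of raw requests and collect only the ALERT results."""
    return [r for r in (classify(req) for req in requests) if r and r.startswith("ALERT")]


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = (
    b"GET /printers/queue.printer HTTP/1.0\r\n"
    b"Host: print.example.test\r\n"
    b"User-Agent: constructed-sample\r\n\r\n"
)
SUSPICIOUS_REQUEST = (
    b"GET /NULL.printer HTTP/1.0\r\n"
    b"Host: " + b"A" * 420 + b"\r\n\r\n"   # 420 filler bytes, the length the advisory cites
)
OTHER_REQUEST = (
    b"GET /index.html HTTP/1.0\r\n"
    b"Host: www.example.test\r\n\r\n"
)

if __name__ == "__main__":
    for sample in (BENIGN_REQUEST, SUSPICIOUS_REQUEST, OTHER_REQUEST):
        print(classify(sample))
```

Matching on the Host header length rather than on a specific byte pattern keeps the rule resilient to payload variation; pairing it with the .printer path keeps the false-positive rate low on hosts that legitimately serve long Host values elsewhere.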
|Exploit
source: http://www.securityfocus.com/bid/2674/info

Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.

* If Web-based Printing has been configured in group policy, attempts to disable or unmap the affected extension via Internet Services Manager will be overridden by the group policy settings.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20818.zip
|References

Source: CERT/CC Advisory CA-2001-10
Name: CA-2001-10
Link: http://www.cert.org/advisories/CA-2001-10.html
Source: BID
Name: 2674
Link: http://www.securityfocus.com/bid/2674
Source: MS
Name: MS01-023
Link: http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Source: BUGTRAQ
Name: 20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Source: XF
Name: iis-isapi-printer-bo (6485)
Link: http://xforce.iss.net/static/6485.php
Source: OSVDB
Name: 3323
Link: http://www.osvdb.org/3323
Source: US Government Resource: oval:org.mitre.oval:def:1068
Name: oval:org.mitre.oval:def:1068
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1068
