Nsfocus°²È«Ð¡×é(security@nsfocus.com)
http://www.nsfocus.com
·¢²¼ÈÕÆÚ: 2001/06/25
CVE CAN ID : CAN-2001-0341
BUGTRAQ ID : 2841
ÊÜÓ°ÏìµÄÈí¼þ¼°ÏµÍ³£º
==================
Microsoft FrontPage 2000 Server Extensions
- Microsoft IIS 4.0
- Microsoft IIS 5.0
×ÛÊö£º
=====
NSFOCUS°²È«Ð¡×é·¢ÏÖ΢ÈíFrontPage 2000 ·þÎñÆ÷À©Õ¹Èí¼þ°üÖеÄÒ»¸ö³ÌÐò´æÔÚ
Ò»¸ö»º³åÇøÒç³ö©¶´¡£Ô¶³Ì¹¥»÷Õß¿ÉÄÜÀûÓÃÕâ¸ö©¶´Ö´ÐÐÈÎÒâ´úÂë¡£
©¶´·ÖÎö£º
==========
΢ÈíFrontPage 2000 ·þÎñÆ÷À©Õ¹Èí¼þ°üÖдøÁËÒ»¸ö¶¯Ì¬Á´½Ó¿â:fp30reg.dll.
Ëü´æÔÚÒ»¸ö»º³åÇøÒç³ö©¶´¡£µ±Ïòfp30reg.dllÌá½»Ò»¸ö°üº¬³¬¹ý258×ֽڵij¤
URLÇëÇóʱ£¬½«´¥·¢Ò»¸ö»ùÓÚ¶ÑÕ»µÄ»º³åÇøÒç³ö¡£³É¹¦µØÀûÓÃÕâ¸ö©¶´£¬¹¥»÷
Õß¿ÉÒÔÔÚ±»¹¥»÷µÄÖ÷»úÉÏÔ¶³ÌÖ´ÐÐÈÎÒâ´úÂë¡£
Èç¹ûfp30reg.dllÊÕµ½µ½Ò»¸öËü²»Àí½âµÄ²ÎÊýʱ£¬Ëü»á·µ»ØÒ»¸ö´íÎóÐÅÏ¢¸øÇëÇóÕߣº
"The server is unable to perform the method [Óû§ÌṩµÄ²ÎÊý] at this
time"
Õâ¸ö´íÎóÐÅÏ¢±»±£´æÔÚ¶ÑÕ»ÖеÄÒ»¸ö»º³åÇøÖС£fp30reg.dllµ÷ÓÃ
USER32.wsprintfA()À´¹¹Ôì·µ»ØÏûÏ¢£¬ÓÉÓÚûÓмì²éÓû§ÊäÈëÊý¾ÝµÄ³¤¶È£¬¹¥»÷
Õß¿ÉÒÔÖØдijЩÖØÒªµÄÄÚ´æµØÖ·ÒԸıä³ÌÐòÁ÷³Ì£¬ÀýÈ磺Òì³£½á¹¹»òÕß±£´æµÄ·µ
»ØµØÖ·µÈ¡£
USER32.wsprintfA()Óõ½µÄ¸ñʽ´®Îª£º
<HEAD><TITLE>HTTP Error 501</TITLE></HEAD><BODY><H1>NOT IMPLEMENTED</H1>
The server is unable to perform the method <b>%s</b> at this time.</BODY>
ËüÒ²±»±£´æÔÚ¶ÑÕ»ÖУ¬¶øÇÒËüµÄµØÖ·ÔÚ(Ä¿±ê»º³åÇøµØÖ· + 256×Ö½Ú)´¦£¬Òò´ËÔÚ
Òç³ö·¢Éúʱ£¬¸ñʽ´®»á±»ÖØд£¬¹¥»÷Õß±ØÐëÉ跨ʹ¿½±´Ë³ÀûÍê³É¡£
Èç¹û¹¥»÷ÕßʹÓÃËæ»úÊý¾Ý£¬¿Éµ¼ÖÂIISÍ£Ö¹ÏìÓ¦¡£
¶ÔÓÚIIS 5.0, IIS·þÎñ»á×Ô¶¯ÖØÐÂÆô¶¯¡£¶ø¶ÔÓÚIIS 4.0,ÐèÒªÊÖ¹¤ÖØÆô·þÎñ¡£
³É¹¦µØÀûÓÃÕâ¸ö©¶´£¬
ÔÚIIS 5.0ÖУ¬¹¥»÷Õß¿ÉÒÔ»ñÈ¡IWAM_machinenameÓû§µÄȨÏÞ.
ÔÚIIS 4.0ÖУ¬¹¥»÷Õß¿ÉÒÔ»ñÈ¡Local SYSTEMȨÏÞ¡£
×¢Ò⣺
fp30reg.dllÔÚÁíÍâÒ»¸öĿ¼:
"\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\"
ÏÂÓÐÒ»·Ý¿½±´£¬Ãû×ÖΪ: fp4areg.dll.
¹¥»÷ÕßÒ²¿ÉÒÔÀûÓÃunicodeµÈ©¶´À´·ÃÎÊÕâ¸ö³ÌÐò¡£
©¶´²âÊÔ£º
==========
Èç¹ûÖ»Ìá½»258×Ö½Ú³¤µÄ²ÎÊý£¬Òç³ö²»»á·¢Éú£º
$ curl http://xx.xx.xx.xx/_vti_bin/_vti_aut/fp30reg.dll?`perl -e 'print "A"x258'`
<HEAD><TITLE>HTTP Error 501</TITLE></HEAD><BODY><H1>NOT IMPLEMENTED</H1>
The server is unable to perform the method <b>AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA</b> at this time.</BODY>
µ«ÊÇ£¬Èç¹û³¤¶È³¬¹ý258×Ö½Ú£¬¾Í½«´¥·¢»º³åÇøÒç³ö£º
$ curl http://xx.xx.xx.xx/_vti_bin/_vti_aut/fp30reg.dll?`perl -e 'print "A"x259'`
<html><head><title>Error</title></head><body>The remote procedure call failed.
</body></html>
ÎÒÃÇÒ²ÌṩÁËÒ»¸öÑÝʾ³ÌÐò£º
http://www.nsfocus.com/proof/fpse2000ex.c
ÁÙʱ½â¾ö·½·¨:
===========
ɾ³ý»ò½ûÖ¹ÈκÎÈË·ÃÎÊfp30reg.dllºÍfp4areg.dll
³§ÉÌ״̬£º
==========
2001.4.13 ÎÒÃǽ«Õâ¸öÎÊÌâͨ±¨¸øÁË΢Èí¹«Ë¾¡£
2001.4.15 ΢Èí¸æÖªÖØÏÖÁËÕâ¸öÎÊÌâ
2001.5.18 ΢ÈíÌṩÁ˲¹¶¡³ÌÐò¹©²âÊÔ£¬²âÊÔ·¢ÏÖ´ËÎÊÌâÒѱ»½â¾ö
2001.6.21 ΢ÈíÒѾʹ˷¢²¼ÁËÒ»¸ö°²È«¹«¸æ(MS01-035)ÒÔ¼°ÏàÓ¦²¹¶¡
Äú¿ÉÒÔÔÚÏÂÁеØÖ·¿´µ½Î¢Èí°²È«¹«¸æµÄÏêϸÄÚÈÝ£º
http://www.microsoft.com/technet/security/bulletin/ms01-035.asp
²¹¶¡³ÌÐò¿ÉÒÔÔÚÏÂÁеØÖ·ÏÂÔØ£º
. Microsoft Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31038
. Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30727
¸½¼ÓÐÅÏ¢£º
==========
ͨÓ鶴Åû¶(Common Vulnerabilities and Exposures)×éÖ¯CVEÒѾΪ´ËÎÊÌâ
·ÖÅäÁËÒ»¸öºòÑ¡Ãû CAN-2001-0341¡£´ËÃû×ÖÊÇΪÁËÊÕ¼½øCVEÁбí×öºòÑ¡Ö®ÓÃ,
(http://cve.mitre.org)CVEÁбíÖÂÁ¦ÓÚʹ°²È«ÎÊÌâµÄÃüÃû±ê×¼»¯¡£ºòÑ¡ÃûÔÚ±»
Õýʽ¼ÓÈëCVEÁбí֮ǰ¿ÉÄÜ»áÓнϴóµÄ±ä»¯¡£
Éù Ã÷
==========
±¾°²È«¹«¸æ½öÓÃÀ´ÃèÊö¿ÉÄÜ´æÔڵݲȫÎÊÌ⣬ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ¹«Ë¾²»Îª´Ë°²È«
¹«¸æÌṩÈκα£Ö¤»ò³Ðŵ¡£ÓÉÓÚ´«²¥¡¢ÀûÓô˰²È«¹«¸æËùÌṩµÄÐÅÏ¢¶øÔì³ÉµÄÈÎ
ºÎÖ±½Ó»òÕß¼ä½ÓµÄºó¹û¼°Ëðʧ£¬¾ùÓÉʹÓÃÕß±¾È˸ºÔð£¬ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ¹«Ë¾ÒÔ
¼°°²È«¹«¸æ×÷Õß²»Îª´Ë³Ðµ£ÈκÎÔðÈΡ£
ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ¹«Ë¾ÓµÓжԴ˰²È«¹«¸æµÄÐ޸ĺͽâÊÍȨ¡£ÈçÓûתÔØ»ò´«²¥´Ë°²
È«¹«¸æ£¬±ØÐë±£Ö¤´Ë°²È«¹«¸æµÄÍêÕûÐÔ£¬°üÀ¨°æȨÉùÃ÷µÈÈ«²¿ÄÚÈÝ¡£Î´¾ÖÐÁªÂÌ
ÃËÐÅÏ¢¼¼Êõ¹«Ë¾ÔÊÐí£¬²»µÃÈÎÒâÐ޸ĻòÕßÔö¼õ´Ë°²È«¹«¸æÄÚÈÝ£¬²»µÃÒÔÈκη½Ê½
½«ÆäÓÃÓÚÉÌҵĿµÄ¡£
¹Ø ÓÚ ÎÒ ÃÇ
===========
ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ£¨±±¾©£©ÓÐÏÞ¹«Ë¾³ÉÁ¢ÓÚ2000Äê3Ô£¬ÊǹúÄÚרҵ´ÓÊÂÍøÂç°²
È«·þÎñµÄ¸ß¿Æ¼¼ÆóÒµ£¬ÖÂÁ¦ÓÚÍøÂ簲ȫ¼¼ÊõÑо¿¡¢ÍøÂ簲ȫ²úÆ·¿ª·¢£¬ÌṩÓÉÍø
ÂçϵͳÈëÇÖ¼ì²â¡¢×÷ϵͳ°²È«¡¢ÍøÂç·þÎñ°²È«¡¢³ÌÐò°²È«ÎªÖصãµÄÕûÌåÍøÂç°²
È«·½°¸£¬²¢ÐÖú½¨Á¢ÑÏÃܵÄÍøÂ簲ȫÖƶȣ¬Ìá¸ß¹úÄÚµÄÍøÂ簲ȫˮƽ£¬Îª
¿Í»§ÌṩǿÓÐÁ¦µÄ°²È«±£ÕÏ¡£
¡¡¡¡ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ£¨±±¾©£©ÓÐÏÞ¹«Ë¾³ÉÁ¢ºó£¬Æ䰲ȫ¼¼ÊõÑо¿²¿ÃŶԹúÄÚ
Íâ×îеÄÍøÂçϵͳ°²È«Â©¶´½øÐÐ×ʱºÍ×î½ôÃܵĸú×Ù£¬¶ÔÖØ´ó°²È«ÎÊÌâ¸ü³É
Á¢×¨ÏîÑо¿Ð¡×é½øÐм¼Êõ¹¥¹Ø£¬È¡µÃÁËһϵÁÐÔÚ¹úÄÚ¡¢ÉõÖÁÊǹúÍâ´¦ÓÚÁìÏÈË®
ƽµÄÓÅÐã³É¹û¡£°²È«²úÆ·¿ª·¢²¿ÃžßÓпª·¢ÍøÂ簲ȫÆÀ¹Àϵͳ¡¢ÍøÂç/ϵͳ·À»ð
ǽ¡¢ÈëÇÖ¼à²âϵͳ¡¢ÄÚÈݹýÂËϵͳµÈ¸ß¼¼Êõº¬Á¿ÍøÂ簲ȫ²úÆ·µÄ¼¼ÊõʵÁ¦ºÍ¾
Ñ飬ÒѾÍƳöÁ˾ßÓйú¼ÊÁìÏÈˮƽµÄ°²È«²úƷϵÁС£
¡¡¡¡ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ£¨±±¾©£©ÓÐÏÞ¹«Ë¾¶¨Î»ÓÚÍøÂçϵͳ°²È«¼¯³ÉÉÌ£¬Ìṩȫ
ÃæµÄÍøÂ簲ȫÕûÌå½â¾ö·½°¸¡¢ÏȽøµÄÍøÂ簲ȫ¼¼Êõ·þÎñºÍÓÅÐãµÄÍøÂ簲ȫ²úÆ·¡£
ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ(±±¾©)ÓÐÏÞ¹«Ë¾ÁªÏµ·½Ê½£º
±±¾©×ܲ¿£º
µØÖ·£º±±¾©³¯ÑôÇø±±Èý»·¶«Â·8ºÅ¾²°²ÖÐÐÄ8072ÊÒ
Óʱࣺ100028
µç»°£º010-64601502
´«Õ棺010-64602097
email£ºwebmaster@nsfocus.com
ÉϺ£·Ö¹«Ë¾£º
µØÖ·£ºÉϺ£ËÄ´¨Öз126Ū18ºÅÔª·¼ÉÌÎñÖÐÐÄ202BÊÒ
Óʱࣺ200001
µç»°£º021-33130516
¹ãÖÝ·Ö¹«Ë¾£º
µØÖ·£º¹ãÖÝÊл·Êж«Â·339ºÅ¹ã¶«¹ú¼Ê´óÏÃA¸½Â¥24B
Óʱࣺ510095
µç»°£º020-83311175, 020-83311176
´«Õ棺020-83319025
©°æȨËùÓÐ 1999-2001£¬ÖÐÁªÂÌÃËÐÅÏ¢¼¼Êõ¹«Ë¾
|
