漏洞信息详情
Microsoft Windows Negotiate SSP 代码问题漏洞
- CNNVD编号:CNNVD-200406-033
- 危害等级: 高危
- CVE编号: CVE-2004-0119
- 漏洞类型: 代码问题
- 发布时间: 2004-06-01
- 威胁类型: 远程
- 更新时间: 2020-11-17
- 厂 商: microsoft
- 漏洞来源: Discovery is credi...
漏洞简介
Windows 2000, Windows XP, and Windows Server 2003的Negotiate Security Software Provider (SSP)界面存在代码问题漏洞。远程攻击者借助精心制作的在认证协议区期间的SPNEGO NegTokenInit请求导致服务拒绝(无效的参考解崩溃)或者执行任意代码。
漏洞公告
Avaya has released an advisory to announce that Avaya System Products shipping on Microsoft platforms are also affected by this vulnerability. Avaya advise that customers follow the Microsoft recommendations for the resolution of this issue. The aforementioned advisory can be viewed at the following location:
http://support.avaya.com/jCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple/CSS/jCMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple?temp.groupID=&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=161384&PAGE=avaya.CSS.CSSLvl1Detail&executeTransaction=avaya.CSS.UsageUpdate()
Microsoft has released fixes.
US-CERT has released an advisory TA04-104A to address this and other issues. Please see the referenced advisory for more information.
Microsoft Windows 2000 Server SP2
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Advanced Server SP2
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
Microsoft Security Update for Windows XP 64 Bit Edition (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE-4DBE-AB7D-73A20C82FF73&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6B55EF2-D9FE
-4DBE-AB7D-73A20C82FF73&displaylang=en
Microsoft Windows 2000 Advanced Server SP4
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows 2000 Professional SP3
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Security Update for Windows Server 2003 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF
-453E-AE7E-7495864E8D8C&displaylang=en
Microsoft Windows 2000 Professional SP2
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows Server 2003 Web Edition
Microsoft Security Update for Windows Server 2003 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF
-453E-AE7E-7495864E8D8C&displaylang=en
Microsoft Windows XP Home
Microsoft Security Update for Windows XP (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F
-43B9-A4F1-AF243B6168F3&displaylang=en
Microsoft Windows 2000 Advanced Server SP3
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows XP Home SP1
Microsoft Security Update for Windows XP (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F
-43B9-A4F1-AF243B6168F3&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883
-44A6-A107-6CD2D29FC6F5&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883
-44A6-A107-6CD2D29FC6F5&displaylang=en
Microsoft Windows 2000 Server SP3
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows Server 2003 Standard Edition
Microsoft Security Update for Windows Server 2003 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF-453E-AE7E-7495864E8D8C&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=EAB176D0-01CF
-453E-AE7E-7495864E8D8C&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Security Update for Windows Server 2003 64 Bit Edition and Windows XP 64 Bit Edition Version 2003 (
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883-44A6-A107-6CD2D29FC6F5&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=C207D372-E883
-44A6-A107-6CD2D29FC6F5&displaylang=en
Microsoft Windows 2000 Server SP4
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A
-414C-B3EB-D2342FBB6C00&displaylang=en
Microsoft Windows XP Professional
Microsoft Security Update for Windows XP (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en">
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F
-43B9-A4F1-AF243B6168F3&displaylang=en
Microsoft Windows 2000 Professional SP4
Microsoft Security Update for Windows 2000 (KB835732)
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FB
参考网址
来源:BID
链接:https://www.securityfocus.com/bid/10113
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1962
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/638548
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1997
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA04-104A.HTML
来源:VULNWATCH
链接:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0081.HTML
来源:CIAC
链接:http://www.ciac.org/ciac/bulletins/o-114.sHTML
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/15715
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1808
受影响实体
- Microsoft Windows_xp:Gold
- Microsoft Windows_2003_server:R2
- Microsoft Windows_2000
- Microsoft Internet_information_server
补丁
暂无
评论