漏洞信息详情
Microsoft Windows 多个平台'smtpsvc.dll'DNS功能程序设计漏洞
- CNNVD编号:CNNVD-201005-107
- 危害等级: 中危
- CVE编号: CVE-2010-1689
- 漏洞类型: 加密问题
- 发布时间: 2010-05-07
- 威胁类型: 远程
- 更新时间: 2020-04-10
- 厂 商: microsoft
- 漏洞来源:
漏洞简介
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。
Microsoft Windows 2000、Windows XP、Windows Server 2003、Windows Server 2008、Exchange Server 2003、Exchange Server 2007以及Exchange Server 2010中,smtpsvc.dll的DNS功能使用的交易ID,可在以往ID的基础上加1获得,因此ID很容易预测,受骗用户可以轻易伪造DNS响应。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Security Update for Windows Server 2008 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A -4982-A25C-F3981EDA381A
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Security Update for Windows Server 2008 R2 x64 Edition (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=EB27CD2B-D514 -4405-8650-259A42E35155
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Security Update for Windows Server 2003 x64 Edition (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B -4A73-B2E2-9FFFDAFA3927
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Security Update for Windows Server 2003 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4 -4243-9D44-256424D75FEC
Microsoft Windows Server 2003 x64 SP2
Microsoft Security Update for Windows Server 2003 x64 Edition (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B -4A73-B2E2-9FFFDAFA3927
Microsoft Windows Server 2008 for x64-based Systems 0
Microsoft Security Update for Windows Server 2008 x64 Edition (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6 -46FE-9A81-B2813EA6A330
Microsoft Windows 2000 Advanced Server SP4
Microsoft Security Update for Windows 2000 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE -495B-8EEC-D105A970DAA7
3DM Software Disk Management Software SP2
Microsoft Security Update for Windows Server 2003 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4 -4243-9D44-256424D75FEC
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Security Update for Windows Server 2003 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4 -4243-9D44-256424D75FEC
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Security Update for Windows Server 2008 x64 Edition (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6 -46FE-9A81-B2813EA6A330
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Security Update for Windows 2000 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE -495B-8EEC-D105A970DAA7
Microsoft Windows Server 2008 for 32-bit Systems 0
Microsoft Security Update for Windows Server 2008 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A -4982-A25C-F3981EDA381A
Microsoft Windows 2000 Professional SP4
Microsoft Security Update for Windows 2000 (KB976323)
http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE -495B-8EEC-D105A970DAA7
Microsoft Exchange Server 2003 SP2
Microsoft Security Update for Exchange Server 2003 Service Pack 2 (KB976702)
http://www.microsoft.com/downloads/details.aspx?familyid=bc8391f8-5335 -496b-ad4c-bae38509be4a
参考网址
来源:MISC
链接:http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs
来源:BID
链接:http://www.securityfocus.com/bid/39908
来源:BID
链接:https://www.securityfocus.com/bid/39908
来源:SECTRACK
链接:http://securitytracker.com/id?1023939
来源:FULLDISC
链接:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.HTML
受影响实体
- Microsoft Exchange_server:2007:Sp2:X64
- Microsoft Exchange_server:2003:Sp3
- Microsoft Exchange_server:2003:Sp2
- Microsoft Exchange_server:2000:Sp3
- Microsoft Exchange_server:2010:-:X64
补丁
暂无
评论