广告联盟网

标题: 漏洞结果...如何利用 [打印本页]

作者: 湘芸    时间: 2007-7-14
标题: 漏洞结果...如何利用
主机摘要 - OS: Unknown OS; PORT/TCP: 21, 80, 514, 3389, 6002, 8181 <br /> <br /><br />[返回顶部]<br /><br /><br />主机地址 端口/服务 服务漏洞 <br />219.159.83.133 www (80/tcp) 发现安全警告 <br />219.159.83.133 cmd (514/tcp) 发现安全提示 <br />219.159.83.133 x11 X Window System (6002/tcp) 发现安全提示 <br />219.159.83.133 www (8181/tcp) 发现安全漏洞 <br />219.159.83.133 Windows Terminal Services (3389/tcp) 发现安全提示 <br />219.159.83.133 ftp (21/tcp) 发现安全提示 <br />219.159.83.133 msrdp (3389/tcp) 发现安全警告 <br />219.159.83.133 http-rpc-epmap (593/tcp) 发现安全警告 <br /> <br /><br /><br />安全漏洞及解决方案:xxxx<br />类型 端口/服务 安全漏洞及解决方案 <br />警告 www (80/tcp) WebDAV enabled<br /><br />远程服务器当前运行WebDAV服务,WebDAV 服务是HTTP规范的一个扩展的标准。它让远程用户对服务器添加授权的用户和管理添加服务器的内容。如果你不使用这个功能,请禁用它。<br /><br />解决方案:<a href="http://support.microsoft.com/default.aspx?kbid=241520" target="_blank">http://support.microsoft.com/default.aspx?kbid=241520</a><br />风险等级:中<br />___________________________________________________________________<br /><br /><br />The remote server is running with WebDAV enabled. <br /><br />WebDAV is an industry standard extension to the HTTP specification.<br />It adds a capability for authorized users to remotely add and manage<br />the content of a web server.<br /><br />If you do not use this extension, you should disable it.<br /><br />Solution : See <a href="http://support.microsoft.com/default.aspx?kbid=241520" target="_blank">http://support.microsoft.com/default.aspx?kbid=241520</a><br />Risk factor : Medium<br />NESSUS_ID : 11424<br /> <br />提示 www (80/tcp) 开放服务<br /><br />&quot;WEB&quot;服务运行于该端口<br />BANNER信息 : <br /><br />HTTP/1.1 200 OK <br />Content-Length: 1193 <br />Content-Type: text/html <br />Content-Location: <a href="http://192.168.43.7/iisstart.htm" target="_blank">http://192.168.43.7/iisstart.htm</a> <br />Last-Modified: Fri, 21 Feb 2003 12:15:52 GMT <br />Accept-Ranges: bytes <br />ETag: &quot;0ce1f9a2d9c21:1c0f&quot; <br />Server: Microsoft-IIS/6.0 <br />X-Powered-By: ASP.NET <br />Date: Sat, 14 Jul 2007 09:36:57 GMT <br />Connection: close <br /><br />&lt;html&gt; <br /><br />&lt;head&gt; <br />&lt;meta HTTP-EQUIV=&quot;Content-Type&quot; Content=&quot;text/html<br />charset=gb2312&quot;&gt; <br /><br /><br />&lt;title ID=titletext&gt;建设中&lt;/title&gt; <br />&lt;/head&gt; <br /><br />&lt;body bgcolor=w<br />NESSUS_ID : 10330<br /> <br />提示 www (80/tcp) 目录扫描器<br /><br />该插件试图确认远程主机上存在的各普通目录<br />___________________________________________________________________<br /><br />The following directories were discovered:<br />/app<br /><br />While this is not, in and of itself, a bug, you should manually inspect <br />these directories to ensure that they are in compliance with company<br />security standards<br /><br />NESSUS_ID : 11032<br />Other references : OWASP:OWASP-CM-006<br /> <br />提示 cmd (514/tcp) 开放服务<br /><br />&quot;cmd&quot;服务可能运行于该端口.<br /><br />NESSUS_ID : 10330<br /> <br />提示 x11 X Window System (6002/tcp) 开放服务<br /><br />&quot;x11 X Window System&quot;服务可能运行于该端口.<br /><br />NESSUS_ID : 10330<br /> <br />漏洞 www (8181/tcp) phpMyAdmin 多个远程漏洞<br /><br />远程主机运行phpMyAdmin,PHP编写的用来在WEB环境下管理MySQL的开源软件。<br /><br />远程主机运行的版本存在以下一种或者两种缺陷:<br /><br />- 攻击者可以远程溢出这个版本,并在运行非安全模式PHP的服务器上的执行任意代码。<br /><br />- 攻击者可能可以通过'read_dump.php'的参数'sql_localfile'读取远程服务器上的任意文件。<br /><br />解决方案: 升级至 2.6.1-rc1 或更高版本<br />风险等级: 高<br />___________________________________________________________________<br /><br /><br />The remote host is running phpMyAdmin, an open-source software<br />written in PHP to handle the administration of MySQL over the Web.<br /><br />The remote version of this software is vulnerable to one (or both)<br />of the following flaws :<br /><br />- An attacker may be able to exploit this software to execute arbitrary<br />commands on the remote host on a server which does not run PHP in safe mode.<br /><br />- An attacker may be able to read arbitrary files on the remote host<br />through the argument 'sql_localfile' of the file 'read_dump.php'.<br /><br />Solution : Upgrade to version 2.6.1-rc1 or newer<br />Risk factor : High<br />CVE_ID : CAN-2004-1147, CAN-2004-1148<br />BUGTRAQ_ID : 11886<br />NESSUS_ID : 15948<br /> <br />漏洞 www (8181/tcp) phpMyAdmin远程命令执行<br /><br />远程主机正在运行phpMyAdmin -- 一个通过web方式来管理MySQL的PHP编写的开放源代码软件.<br /><br />由于没有正确地处理用户所提交的数据, 此软件容易受到任意命令执行的危害.<br /><br />解决方案 : 升级到版本2.6.0-pl2或更高<br />风险等级 : 高<br />___________________________________________________________________<br /><br /><br />The remote host is running phpMyAdmin, an open-source software<br />written in PHP to handle the administration of MySQL over the Web.<br /><br />The remote version of this software is vulnerable to arbitrary<br />command execution due to a lack of user-supplied data<br />sanitization.<br /><br />Solution : Upgrade to version 2.6.0-pl2 or newer<br />Risk factor : High<br />BUGTRAQ_ID : 11391<br />NESSUS_ID : 15478<br /> <br />警告 www (8181/tcp) phpMyAdmin XSS<br /><br />运行phpmyadmin的远程主机<br />它是一个开放源代码,用PHP编写的方便用web形式管理MYSQL软件.<br /><br />这个版本有一个易于受到攻击的脚本<br />read_dump.php这个脚本文件<br /><br />通过构造一个特别的URL,攻击者能<br />执行任意的代码.<br /><br />解决方案:升级到2.6.0-pl3或者更新的版本<br />风险等级:中<br />___________________________________________________________________<br /><br /><br />The remote host is running phpMyAdmin, an open-source software<br />written in PHP to handle the administration of MySQL over the Web.<br /><br />The remote version of this software is vulnerable to one (or both)<br />of the following flaws :<br /><br />- An attacker may be able to exploit this software to execute arbitrary<br />commands on the remote host on a server which does not run PHP in safe mode.<br /><br />- An attacker may be able to read arbitrary files on the remote host<br />through the argument 'sql_localfile' of the file 'read_dump.php'.<br /><br />Solution : Upgrade to version 2.6.1-rc1 or newer<br />Risk factor : High<br />CVE_ID : CAN-2004-1147, CAN-2004-1148<br />BUGTRAQ_ID : 11886<br />NESSUS_ID : 15770<br /> <br />警告 www (8181/tcp) phpinfo.php<br /><br /><br />The following files are calling the function phpinfo() which<br />disclose potentially sensitive information to the remote attacker : <br />/phpMyAdmin/phpinfo.php<br /><br /><br />Solution : Delete them or restrict access to them<br />Risk factor : Low<br />NESSUS_ID : 11229<br /> <br />警告 www (8181/tcp) Apache mod_include的权限提升<br /><br />远程web服务器正在运行一个版本低于1.3.33的Apache.<br /><br />此版本在'mod_include'模块的get_tag()函数中存在一个本地缓冲溢出. 此溢出发生在通过HTTP会话请求一个包含错误格式SSI(Server-Side Includes)的特别构造的文档的时候.<br /><br />成功利用这个漏洞可导致以提升了的权限来执行任意代码, 但需要允许SSI.<br /><br />解决方案: 禁止SSI或升级到更高的版本.<br />风险等级: 中<br />___________________________________________________________________<br /><br /><br />The remote web server appears to be running a version of Apache that is older<br />than version 1.3.33.<br /><br />This version is vulnerable to a local buffer overflow in the get_tag()<br />function of the module 'mod_include' when a specially crafted document <br />with malformed server-side includes is requested though an HTTP session.<br /><br />Successful exploitation can lead to execution of arbitrary code with <br />escalated privileges, but requires that server-side includes (SSI) is enabled.<br /><br />Solution: Disable SSI or upgrade to a newer version when available.<br />Risk factor: Medium<br />CVE_ID : CAN-2004-0940<br />BUGTRAQ_ID : 11471<br />NESSUS_ID : 15554<br /> <br />警告 www (8181/tcp) Apache mod_proxy内容长度缓冲溢出<br /><br />远程web服务器正在运行一个版本低于1.3.32的Apache.<br /><br />此版本在mod_proxy模块的proxy_util.c中存在一个基于堆的缓冲溢出. 此问题可导致远程攻击者引发拒绝服务或可能在服务器上执行任意代码.<br /><br />解决方案: 不使用mod_proxy模块或升级到更高的版本.<br />风险等级: 中<br />___________________________________________________________________<br /><br /><br />The remote web server appears to be running a version of Apache that is older<br />than version 1.3.32.<br /><br />This version is vulnerable to a heap based buffer overflow in proxy_util.c<br />for mod_proxy. This issue may lead remote attackers to cause a denial of <br />service and possibly execute arbitrary code on the server.<br /><br />Solution: Don't use mod_proxy or upgrade to a newer version.<br />Risk factor: Medium<br />CVE_ID : CAN-2004-0492<br />BUGTRAQ_ID : 10508<br />NESSUS_ID : 15555<br /> <br />警告 www (8181/tcp) Apache mod_access rule bypass<br /><br /><br />The target is running an Apache web server that may not properly handle<br />access controls. In effect, on big-endian 64-bit platforms, Apache<br />fails to match allow or deny rules containing an IP address but not a<br />netmask. <br /><br />***** Nessus has determined the vulnerability exists only by looking at<br />***** the Server header returned by the web server running on the target.<br />***** If the target is not a big-endian 64-bit platform, consider this a <br />***** false positive. <br /><br />Additional information on the vulnerability can be found at :<br /><br />- <a href="http://www.apacheweek.com/features/security-13" target="_blank">http://www.apacheweek.com/features/security-13</a><br />- <a href="http://marc.theaimsgroup.com/?l=apache-cvs&amp;m=107869603013722" target="_blank">http://marc.theaimsgroup.com/?l=apache-cvs&amp;m=107869603013722</a><br />- <a href="http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850" target="_blank">http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850</a><br /><br />Solution : Upgrade to Apache version 1.3.31 or newer.<br />Risk factor : Medium<br />CVE_ID : CVE-2003-0993<br />BUGTRAQ_ID : 9829<br />NESSUS_ID : 14177<br />Other references : GLSA:GLSA 200405-22, MDKSA:MDKSA-2004:046, OpenPKG-SA:OpenPKG-SA-2004.021-apache, SSA:SSA:2004-133-01, TSLSA:TSLSA-2004-0027<br /> <br />警告 www (8181/tcp) Apache Error Log Escape Sequence Injection<br /><br /><br />The target is running an Apache web server which allows for the<br />injection of arbitrary escape sequences into its error logs. An<br />attacker might use this vulnerability in an attempt to exploit similar<br />vulnerabilities in terminal emulators. <br /><br />***** Nessus has determined the vulnerability exists only by looking at<br />***** the Server header returned by the web server running on the target.<br /><br />Solution : Upgrade to Apache version 1.3.31 or 2.0.49 or newer.<br />Risk factor : Low<br />CVE_ID : CVE-2003-0020<br />BUGTRAQ_ID : 9930<br />NESSUS_ID : 12239<br />Other references : APPLE-SA:APPLE-SA-2004-05-03, CLSA:CLSA-2004:839, HPSB:HPSBUX01022, RHSA:RHSA-2003:139-07, RHSA:RHSA-2003:243-07, MDKSA:MDKSA-2003:050, OpenPKG-SA:OpenPKG-SA-2004.021-apache, SSA:SSA:2004-133-01, SuSE-SA:SuSE-SA:2004:009, TLSA:TLSA-2004-11, TSLSA:TSLSA-2004-0017<br /> <br />警告 www (8181/tcp) Apache 拒绝服务连接<br /><br />正在运行的远程网络服务器是版本号低于 <br />2.0.49 或 1.3.31. 的Apache服务器。<br /><br />这些版本容易受到拒绝服务攻击。一个远程 <br />进攻者能够通过一个极少使用的端口连接到服务器监听中的套接字, <br />从而阻塞(其他用户)连接到服务器。<br /><br />解决方案: 将 Apache 升级到 2.0.49 或 1.3.31.<br />___________________________________________________________________<br /><br />The remote web server appears to be running a version of <br />Apache that is less that 2.0.49 or 1.3.31.<br /><br />These versions are vulnerable to a denial of service attack where a remote <br />attacker can block new connections to the server by connecting to a listening <br />socket on a rarely accessed port.<br /><br />Solution: Upgrade to Apache 2.0.49 or 1.3.31.<br />CVE_ID : CAN-2004-0174<br />BUGTRAQ_ID : 9921<br />NESSUS_ID : 12280<br /> <br />警告 www (8181/tcp) Apache &lt;= 1.3.31 htpasswd本地缓冲区溢出漏洞<br /><br />远程主机正在运行的Apache版本低于1.3.32.<br /><br />该版本的htpasswd命令存在缓冲区溢出漏洞, <br />可导致本地攻击者获取httpd进程的特权.<br /><br />参见 : <a href="http://xforce.iss.net/xforce/xfdb/17413" target="_blank">http://xforce.iss.net/xforce/xfdb/17413</a><br />解决方案 : 升级到Apache 1.3.32<br />风险等级 : 高<br />___________________________________________________________________<br /><br /><br />The remote host appears to be running Apache 1.3.33 or older.<br /><br />There is a local buffer overflow in the 'htpasswd' command in these<br />versions that may allow a local user to gain elevated privileges if<br />'htpasswd' is run setuid or a remote user to run arbitrary commands<br />remotely if the script is accessible through a CGI. <br /><br />*** Note that Nessus solely relied on the version number<br />*** of the remote server to issue this warning. This might<br />*** be a false positive<br /><br />See also : <a href="http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html" target="_blank">http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html</a><br />Solution : Make sure htpasswd does not run setuid and is not accessible<br />through any CGI scripts.<br />Risk factor : Medium<br />BUGTRAQ_ID : 13777, 13778<br />NESSUS_ID : 14771<br /> <br />提示 www (8181/tcp) 开放服务<br /><br />&quot;WEB&quot;服务运行于该端口<br />BANNER信息 : <br /><br />HTTP/1.1 200 OK <br />Date: Sat, 14 Jul 2007 09:37:03 GMT <br />Server: Apache/1.3.29 (Win32) <br />Last-Modified: Fri, 22 Jun 2007 12:04:25 GMT <br />ETag: &quot;0-277-467bbac9&quot; <br />Accept-Ranges: bytes <br />Content-Length: 631 <br />Connection: close <br />Content-Type: text/html <br /><br />&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;&gt; <br />&lt;html&gt; <br />&lt;head&gt; <br />&lt;title&gt;index.html&lt;/title&gt; <br /><br />&lt;meta http-equiv=&quot;keywords&quot; content=&quot;keyword1,keyword2,keyword3&quot;&gt; <br />&lt;meta http-equiv=&quot;description&quot; cont<br />NESSUS_ID : 10330<br /> <br />提示 www (8181/tcp) http TRACE 跨站攻击<br /><br />你的webserver支持TRACE 和/或 TRACK 方式。 TRACE和TRACK是用来调试web服务器连接的HTTP方式。<br /><br />支持该方式的服务器存在跨站脚本漏洞,通常在描述各种浏览器缺陷的时候,把&quot;Cross-Site-Tracing&quot;简称为XST。<br /><br />攻击者可以利用此漏洞欺骗合法用户并得到他们的私人信息。<br /><br />解决方案: 禁用这些方式。<br /><br /><br />如果你使用的是Apache, 在各虚拟主机的配置文件里添加如下语句:<br /><br />RewriteEngine on<br />RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)<br />RewriteRule .* - [F]<br /><br />如果你使用的是Microsoft IIS, 使用URLScan工具禁用HTTP TRACE请求,或者只开放满足站点需求和策略的方式。<br /><br />如果你使用的是Sun ONE Web Server releases 6.0 SP2 或者更高的版本, 在obj.conf文件的默认object section里添加下面的语句:<br />&lt;Client method=&quot;TRACE&quot;&gt;<br />AuthTrans fn=&quot;set-variable&quot;<br />remove-headers=&quot;transfer-encoding&quot;<br />set-headers=&quot;content-length: -1&quot;<br />error=&quot;501&quot;<br />&lt;/Client&gt;<br /><br />如果你使用的是Sun ONE Web Server releases 6.0 SP2 或者更低的版本, 编译如下地址的NSAPI插件:<br /><a href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603" target="_blank">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603</a><br /><br /><br />参见<a href="http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf" target="_blank">http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf</a><br /><a href="http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html" target="_blank">http://archives.neohapsis.com/ar ... h/2003-q1/0035.html</a><br /><a href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603" target="_blank">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603</a><br /><a href="http://www.kb.cert.org/vuls/id/867593" target="_blank">http://www.kb.cert.org/vuls/id/867593</a><br /><br />风险等级: 中<br />___________________________________________________________________<br /><br /><br />The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK<br />are HTTP methods which are used to debug web server connections. <br /><br />It has been shown that servers supporting this method are subject<br />to cross-site-scripting attacks, dubbed XST for<br />&quot;Cross-Site-Tracing&quot;, when used in conjunction with<br />various weaknesses in browsers.<br /><br />An attacker may use this flaw to trick your legitimate web users to <br />give him their credentials.<br /><br /><br />Solution : <br />Add the following lines for each virtual host in your configuration file :<br /><br />RewriteEngine on<br />RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)<br />RewriteRule .* - [F]<br /><br /><br />See also <a href="http://www.kb.cert.org/vuls/id/867593" target="_blank">http://www.kb.cert.org/vuls/id/867593</a><br />Risk factor : Medium<br />BUGTRAQ_ID : 9506, 9561, 11604<br />NESSUS_ID : 11213<br /> <br />提示 www (8181/tcp) 目录扫描器<br /><br />该插件试图确认远程主机上存在的各普通目录<br />___________________________________________________________________<br /><br />The following directories were discovered:<br />/cgi-bin, /icons, /php, /phpMyAdmin<br /><br />While this is not, in and of itself, a bug, you should manually inspect <br />these directories to ensure that they are in compliance with company<br />security standards<br /><br />NESSUS_ID : 11032<br />Other references : OWASP:OWASP-CM-006<br /> <br />提示 www (8181/tcp) HTTP 服务器类型及版本<br /><br />发现 HTTP 服务器的类型及版本号.<br /><br />解决方案: 配置服务器经常更改名称,如:'Wintendo httpD w/Dotmatrix display'<br />确保移除类似 apache_pb.gif 带有 Apache 的通用标志, 可以设定 'ServerTokens Prod' 为受限<br />该信息来源于服务器本身的响应首部.<br /><br />风险等级 : 低<br />___________________________________________________________________<br /><br />The remote web server type is :<br /><br />Apache/1.3.29 (Win32) <br /><br /><br />Solution : You can set the directive 'ServerTokens Prod' to limit<br />the information emanating from the server in its response headers.<br />NESSUS_ID : 10107<br /> <br />提示 www (8181/tcp) phpMyAdmin检测<br /><br />此脚本检测远程主机上是否运行了phpMyAdmin,并且获取版本号和定位文件. <br /><br />phpMyAdmin是一个PHP编写的基于web的MySQL管理工具. <br />参见<a href="http://www.phpmyadmin.net/home_page/index.php" target="_blank">http://www.phpmyadmin.net/home_page/index.php</a>可了解更多信息.<br />___________________________________________________________________<br /><br /><br />phpMyAdmin 2.5.5 was detected on the remote host under<br />the path /phpMyAdmin. <br /><br />phpMyAdmin is a web based MySQL administration tool written in PHP. <br />See <a href="http://www.phpmyadmin.net/home_page/index.php" target="_blank">http://www.phpmyadmin.net/home_page/index.php</a> for more<br />information.<br />NESSUS_ID : 17219<br /> <br />提示 Windows Terminal Services (3389/tcp) 开放服务<br /><br />&quot;Windows Terminal Services&quot;服务可能运行于该端口.<br /><br />NESSUS_ID : 10330<br /> <br />提示 Windows Terminal Services (3389/tcp) Windows Terminal Service Enabled<br /><br /><br />The Terminal Services are enabled on the remote host.<br /><br />Terminal Services allow a Windows user to remotely obtain<br />a graphical login (and therefore act as a local user on the<br />remote host).<br /><br />If an attacker gains a valid login and password, he may<br />be able to use this service to gain further access<br />on the remote host. An attacker may also use this service<br />to mount a dictionnary attack against the remote host to try<br />to log in remotely.<br /><br />Note that RDP (the Remote Desktop Protocol) is vulnerable<br />to Man-in-the-middle attacks, making it easy for attackers to<br />steal the credentials of legitimates users by impersonating the<br />Windows server.<br /><br />Solution : Disable the Terminal Services if you do not use them, and<br />do not allow this service to run across the internet<br /><br />Risk factor : Low<br />BUGTRAQ_ID : 3099, 7258<br />NESSUS_ID : 10940<br /> <br />提示 ftp (21/tcp) 开放服务<br /><br />&quot;FTP&quot;服务运行于该端口.<br />BANNER信息 : <br /><br />220 Microsoft FTP Service <br />NESSUS_ID : 10330<br /> <br />提示 ftp (21/tcp) FTP服务的版本和类型<br /><br />通过登陆目标服务器并经过缓冲器接收可查出FTP服务的类型和版本。这些注册过的标识信息将给予潜在的攻击者们关于他们要攻击的系统的额外信息。版本和类型会在可能的地方被泄露。<br /><br />解决方案:将这些注册过的标识信息转变为普通类别的信息。。<br /><br />风险等级:低<br />___________________________________________________________________<br /><br />Remote FTP server banner :<br />220 Microsoft FTP Service <br />NESSUS_ID : 10092<br /> <br />警告 msrdp (3389/tcp) Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability<br /><br /><br />The remote version of Remote Desktop Protocol Server (Terminal Service) is<br />vulnerable to a man in the middle attack.<br /><br />An attacker may exploit this flaw to decrypt communications between client<br />and server and obtain sensitive information (passwords, ...).<br /><br />See Also : <a href="http://www.oxid.it/downloads/rdp-gbu.pdf" target="_blank">http://www.oxid.it/downloads/rdp-gbu.pdf</a><br />Solution : None at this time.<br />Risk factor : Medium<br />CVE_ID : CAN-2005-1794<br />BUGTRAQ_ID : 13818<br />NESSUS_ID : 18405<br /> <br />警告 http-rpc-epmap (593/tcp) Microsoft RRPC接口缓冲区溢出漏洞(KB824146)<br /><br />远程Windows主机的RPC接口存在缓冲区溢出漏洞。<br />该漏洞可导致远程攻击者以SYSTEM权限在系统中执行任意代码。 <br /><br />远程攻击者或蠕虫能据此获得主机的控制权。<br /><br />注意:此BUG不同于NMS03-026,NMS03-026漏洞造成了'MSBlast' (又名LoveSan)蠕虫泛滥<br /><br />解决方案:参考 <a href="http://www.microsoft.com/technet/security/bulletin/MS03-039.asp" target="_blank">http://www.microsoft.com/technet/security/bulletin/MS03-039.asp</a> <br /><br />风险等级 : 高<br />___________________________________________________________________<br /><br />Network problems stopped us from finding out if the host is vulnerable to MS03-039 or not. Diagnostic = main: dcom_recv<br />CVE_ID : CAN-2003-0715, CAN-2003-0528, CAN-2003-0605<br />BUGTRAQ_ID : 8458, 8460<br />NESSUS_ID : 11835<br />Other references : IAVA:2003-A-0012<br /><br />[<i> 本帖最后由 湘芸 于 2007-7-14 18:00 编辑 </i>]
作者: 水墙    时间: 2007-7-14
不懂
作者: 摆个poss    时间: 2007-7-14
3389&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; <img src="images/smilies/shocked.gif" smilieid="7" border="0" alt="" />
作者: 摆个poss    时间: 2007-7-14
楼主直接连接试下<br />账号 administrator<br />密码 空
作者: 湘芸    时间: 2007-7-14
不行-.-
作者: jennifer    时间: 2007-7-14
<img src="images/smilies/sad.gif" smilieid="2" border="0" alt="" />
作者: hsi    时间: 2007-7-14
一般不行
作者: 摆个poss    时间: 2007-7-14
<img src="images/smilies/sad.gif" smilieid="2" border="0" alt="" />




欢迎光临 广告联盟网 (https://ggads.com/) Powered by Discuz! X3.2