● RPC.....[转载] - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: ALL (偶是一只小马甲～～^_^), 信区: Virus
标  题: RPC.....[转载]
发信站: 荔园晨风BBS站 (Thu Sep 11 09:36:52 2003), 站内信件

我只是和Version抢生意而已呵呵大家中秋节快乐，记得
下载新的病毒库哈

又来了又来了

Multiple Microsoft RPC DCOM Subsystem Vulnerabilities
Risk
High

Date Discovered
09-10-2003

Description

Microsoft has released a Security Bulletin and a software patch, which addresses
three issues identified in the RPC DCOM subsystem of the Microsoft Windows fami
ly of operating systems. Two of these issues can be exploited to execute arbitra
ry code in
the security context of the RPC DCOM account, typically LocalSystem, while the t
hird vulnerability can be exploited to launch a Denial of Service (DoS) attack a
gainst a vulnerable host.

It is believed that existing code, including the exploit implemented by W32.Blas
ter.Worm, which targets the vulnerability in RPC DCOM subsystem described in MS0
3-026 can easily be modified to successfully exploit one of the vulnerabilities
listed in
MS03-039. For this reason, Symantec Security Response believes that active explo
itation and creation of Internet worms targeting this vulnerability is imminent.
The vulnerability in question is purported to be a heap based overflow that can
be
exploited via an overly long NETBIOS name submitted via a specially formatted RP
C packet.

Components Affected
Microsoft Windows NT 4.0
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 2003

Recommendations
Deployment of the patches supplied by Microsoft is highly recommended. If this c
ourse of action is not feasible at this time, the following strategies should be
followed in order to mitigate the risk of exploitation:

Filtering traffic destined for UDP ports 135, 137, 138, 445 and TCP ports 135, 1
39, 445, 593 at network perimeters and restricting access to RPC DCOM servers to
trusted clients only. Furthermore, RPC over HTTP should be disabled or at least
restricted
to trusted clients. In addition, ports bound by individual RPC services should a
lso be blocked. Unfortunately, as there is no standard assignment of ports to in
dividual RPC services, filtering has to be done on a perapplication basis.

Filtering out unwanted traffic using the Internet Connection Firewall (Windows X
P and Windows Server 2003 only) or disabling RPC services altogether.

Microsoft has released a tool, which will verify whether the patch provided in M
S03-039 has been applied to a system. It can be found at the following location:
http://support.microsoft.com/?kbid=827363

Resources
Microsoft Security Bulletin MS03-039 (Microsoft)
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

Microsoft RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
http://www.securityfocus.com/bid/8458

Microsoft RPCSS DCOM Interface Variant Buffer Overrun Vulnerability
http://www.securityfocus.com/bid/8459

Microsoft Windows RPCSS Denial of Service Vulnerability
http://www.securityfocus.com/bid/8460

--------------------------------------------------------------------------------

Copyright (c) 2003 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is
not edited in any way unless authorized by Symantec Security Response. Reprinti
ng the whole or part of this alert in any medium other than electronically requi
res
permission from symsecurity@symantec.com.
permission from symsecurity@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publis
hing based on currently available information. Use of the information constitute
s acceptance for use in an AS IS condition. There are no warranties with regard
to this
information. Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use of, or relian
ce on, this information.

Symantec, Symantec products, Symantec Security Response, and SymSecurity are reg
istered trademarks of Symantec Corp. and/or affiliated companies in the United S
tates and other countries. All other registered and unregistered trademarks repr
esented in
this document are the sole property of their respective companies/owners.

--
                      *
          *                                  *
                          *             *
                      no more to say
                  ★     just wish you   ★
                            good luck

※ 修改:·ALL 於 Sep 11 09:38:06 修改本文·[FROM: 192.168.35.27]
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.1.50]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.35.27]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店