Microsoft Windows TCP/IP协议栈ICMP重置TCP连接漏洞(MS05-19/MS06-064)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108657 漏洞类型 其他
发布时间 2005-04-12 更新时间 2005-10-28
CVE编号 CVE-2004-0790 CNNVD-ID CNNVD-200504-022
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25389
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200504-022
|漏洞详情
MicrosoftWindows是美国微软(Microsoft)公司发布的一系列操作系统。MicrosoftWindows的TCP/IP协议栈的ICMP协议处理模块存在漏洞,远程攻击者可能利用此漏洞重置服务器的TCP连接。MicrosoftWindows的ICMP协议处理模块没有充分检查某些类型ICMP消息的合法性,远程攻击者可以向受影响的服务器发送特制的ICMP消息导致服务器和客户端之间的已有TCP连接被重置。
|漏洞EXP
source: http://www.securityfocus.com/bid/13124/info
  
Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks.
  
ICMP is employed by network nodes to determine certain automatic actions to take based on network failures reported by an ICMP message.
  
Reportedly, the RFC doesn't recommend security checks for ICMP error messages. As long as an ICMP message contains a valid source and destination IP address and port pair, it will be accepted for an associated connection.
  
The following individual attacks are reported:
  
- A blind connection-reset attack. This attack takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID CAN-2004-0790 is assigned to this issue.
  
A remote attacker may exploit this issue to terminate target TCP connections and deny service for legitimate users.
  
- An ICMP Source Quench attack. This attack takes advantage of the specification that a host must react to receive ICMP Source Quench messages by slowing transmission on the associated connection. The Mitre ID CAN-2004-0791 is assigned to this issue.
  
A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.
  
- An attack against ICMP PMTUD is reported to affect multiple vendors when they are configured to employ PMTUD. By sending a suitable forged ICMP message to a target host, an attacker may reduce the MTU for a given connection. The Mitre ID CAN-2004-1060 is assigned to this issue.
  
A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.
  
**Update: Microsoft platforms are also reported prone to these issues.
 
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25389.tar.gz
|参考资料

来源:MS
名称:MS05-019
链接:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
来源:MISC
链接:http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt
来源:MISC
链接:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
来源:MISC
链接:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
来源:SUNALERT
名称:57746
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1
来源:BID
名称:13124
链接:http://www.securityfocus.com/bid/13124
来源:HP
名称:HPSBST02161
链接:http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded
来源:HP
名称:HPSBUX01164
链接:http://www.securityfocus.com/archive/1/archive/1/418882/100/0/threaded
来源:MS
名称:MS06-064
链接:http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx
来源:VUPEN
名称:ADV-2006-3983
链接:http://www.frsirt.com/english/advisories/2006/3983
来源:SUNALERT
名称:101658
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1
来源:SREASON
名称:57
链接:http://securityreason.com/securityalert/57
来源:SREASON
名称:19
链接:http: