Microsoft Windows TCP/IP协议栈ICMP重置TCP连接漏洞(MS05-19/MS06-064)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108658 漏洞类型 其他
发布时间 2005-04-12 更新时间 2009-03-04
CVE编号 CVE-2004-1060 CNNVD-ID CNNVD-200404-019
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25388
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-019
|漏洞详情
MicrosoftWindows是美国微软(Microsoft)公司发布的一系列操作系统。MicrosoftWindows的TCP/IP协议栈的ICMP协议处理模块存在漏洞,远程攻击者可能利用此漏洞重置服务器的TCP连接。MicrosoftWindows的ICMP协议处理模块没有充分检查某些类型ICMP消息的合法性,远程攻击者可以向受影响的服务器发送特制的ICMP消息导致服务器和客户端之间的已有TCP连接被重置。
|漏洞EXP
source: http://www.securityfocus.com/bid/13124/info
 
Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial-of-service attacks.
 
ICMP is employed by network nodes to determine certain automatic actions to take based on network failures reported by an ICMP message.
 
Reportedly, the RFC doesn't recommend security checks for ICMP error messages. As long as an ICMP message contains a valid source and destination IP address and port pair, it will be accepted for an associated connection.
 
The following individual attacks are reported:
 
- A blind connection-reset attack. This attack takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID CAN-2004-0790 is assigned to this issue.
 
A remote attacker may exploit this issue to terminate target TCP connections and deny service for legitimate users.
 
- An ICMP Source Quench attack. This attack takes advantage of the specification that a host must react to receive ICMP Source Quench messages by slowing transmission on the associated connection. The Mitre ID CAN-2004-0791 is assigned to this issue.
 
A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.
 
- An attack against ICMP PMTUD is reported to affect multiple vendors when they are configured to employ PMTUD. By sending a suitable forged ICMP message to a target host, an attacker may reduce the MTU for a given connection. The Mitre ID CAN-2004-1060 is assigned to this issue.
 
A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.
 
**Update: Microsoft platforms are also reported prone to these issues. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25388.tar.gz
|参考资料

来源:MS
名称:MS05-019
链接:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
来源:www.uniras.gov.uk
链接:http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
来源:www.gont.com.ar
链接:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
来源:CISCO
名称:20050412CraftedICMPMessagesCanCauseDenialofService
链接:http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
来源:OVAL
名称:oval:org.mitre.oval:def:5386
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5386
来源:BID
名称:13124
链接:http://www.securityfocus.com/bid/13124
来源:HP
名称:HPSBUX01164
链接:http://www.securityfocus.com/archive/1/archive/1/418882/100/0/threaded
来源:SREASON
名称:57
链接:http://securityreason.com/securityalert/57
来源:SREASON
名称:19
链接:http://securityreason.com/securityalert/19
来源:SECUNIA
名称:18317
链接:http://secunia.com/advisories/18317
来源:HP
名称:SSRT4884
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=112861397904255&w=2
来源:SCO
名称:SCOSA-2006.4
链接:ftp://ftp.sco.com/pub/updates/OpenServer/