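Vulnerability Details

Microsoft MSN Messenger IP Address Disclosure Vulnerability

  • CNNVD ID: CNNVD-200901-023
  • Severity: Medium
  • CVE ID: CVE-2008-5828
  • Vulnerability type: Information disclosure
  • Published: 2009-01-02
  • Threat type: Remote
  • Updated: 2009-01-29
  • Vendor: microsoft
  • Source: Carmelo Brancato※ ...

Vulnerability Summary

MSN Messenger is the instant-messaging chat client bundled by default with the Windows operating system.

When MSN protocol version 15 (MSNP15) is used over a NAT session, the Windows Live Messenger client allows remote attackers to discover internal IP addresses and port numbers by reading the Ipv4ExternalAddrsAndPorts and Ipv4InternalAddrsAndPorts header fields.

During a chat session, in addition to the session ID, Cal and similar information, MSN also transmits Ipv4ExternalAddrsAndPorts and Ipv4InternalAddrsAndPorts, which carry, respectively, the public IP address and the participant's private IP address and port. The complete session follows: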

MSNMSGR:aaaa@hotmail.it MSNSLP/1.0

To: <msnmsgr:aaaa@hotmail.it>

From: <msnmsgr:bbbbbb@hotmail.it>

Via: MSNSLP/1.0/TLP ;branch={D4CE435D-8C31-4D80-80EC-576A8294B3B3}

CSeq: 0

Call-ID: {00000000-0000-0000-0000-000000000000}

Max-Forwards: 0

Content-Type: application/x-msnmsgr-transudpswitch

Content-Length: 157

IPv4ExternalAddrsAndPorts: 79.2.165.233:3939

IPv4InternalAddrsAndPorts: 192.168.0.2:3939

SessionID: 729003413

SChannelState: 0

Capabilities-Flags: 1

######A#########g#######g#######¶8»#############INVITE

MSNMSGR:aaa@hotmail.it MSNSLP/1.0

To: <msnmsgr:aaaa@hotmail.it>

From: <msnmsgr:bbbb@hotmail.it>

Via: MSNSLP/1.0/TLP ;branch={31DB585D-3119-40AF-B02B-3D9BAEF32CD0}

CSeq: 0

Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}

Max-Forwards: 0

Content-Type: application/x-msnmsgr-transreqbody

Content-Length: 270

Bridges: TRUDPv1 TCPv1 SBBridge TURNv1

NetID: -375061937

Conn-Type: Port-Restrict-NAT

TCP-Conn-Type: Port-Restrict-NAT

UPnPNat: true

ICF: false

Hashed-Nonce: {D8F5EEB9-2568-FAE8-9460-3FF8DB908381}

SessionID: 275007100

SChannelState: 0

Capabilities-Flags: 1

#####MSG 49 D 155

MIME-Version: 1.0

Content-Type: application/x-msnmsgrp2p

P2P-Dest: bbbb@hotmail.it

####_áEu########g#################A#¶8»#g###########ACK 49

MSG 50 D 555

MIME-Version: 1.0

Content-Type: application/x-msnmsgrp2p

P2P-Dest: bbbb@hotmail.it

####^áEu######################ÔùH(############MSNSLP/1.0 200 OK

To: <msnmsgr:bbbbb@hotmail.it>

From: <msnmsgr:aaaa@hotmail.it>

Via: MSNSLP/1.0/TLP ;branch={31DB585D-3119-40AF-B02B-3D9BAEF32CD0}

CSeq: 1

Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}

Max-Forwards: 0

Content-Type: application/x-msnmsgr-transrespbody

Content-Length: 83

Bridge: TCPv1

Listening: false

Nonce: {00000000-0000-0000-0000-000000000000}

#####ACK 50

MSG bbbb@hotmail.it [c=28][i]BBBB[/i][/c] 143

MIME-Version: 1.0

Content-Type: application/x-msnmsgrp2p

P2P-Dest: aaa@hotmail.it

######A#########################^áEuÔùH(###########MSG bbbb@hotmail.it

[c=28][i]BBB[/i][/c] 815

MIME-Version: 1.0

Content-Type: application/x-msnmsgrp2p

P2P-Dest: aaaa@hotmail.it

######A######### ####### #######àe»#############INVITE

MSNMSGR:aaaa@hotmail.it MSNSLP/1.0

To: <msnmsgr:aaa@hotmail.it>

From: <msnmsgr:bbbb@hotmail.it>

Via: MSNSLP/1.0/TLP ;branch={5BDF5F91-90FF-4C0F-ACA6-F65A9E30986C}

CSeq: 0

Call-ID: {9A68685A-1FCF-86A1-B639-BA769BA9B514}

Max-Forwards: 0

Content-Type: application/x-msnmsgr-transrespbody

Content-Length: 326

Bridge: TCPv1

Listening: true

Conn-Type: Port-Restrict-NAT

TCP-Conn-Type: Port-Restrict-NAT

Nonce: {2DA8E1E7-CD08-4200-8E62-C2263EAC2D36}

IPv4External-Addrs: 79.2.165.233

IPv4External-Port: 3973

IPv4Internal-Addrs: 192.168.0.2

IPv4Internal-Port: 3973

SessionID: 275007100

SChannelState: 0

Capabilities-Flags: 1

In this way an attacker can freely access the router or information about the network.
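As an added example (not part of the original advisory or of any vendor tooling), the following Python code scans decoded MSNSLP text for the address headers shown in the capture above and reports whether a private address is disclosed to the peer. The function names are hypothetical, the sample input is constructed from the header names and values in the capture, and multiple address:port pairs are assumed to be space-separated.

```python
import ipaddress
import re

# Header names as they appear in the capture on this page (both forms).
COMBINED = re.compile(r"^IPv4(External|Internal)AddrsAndPorts:\s*(.+)$", re.I | re.M)
SPLIT = re.compile(r"^IPv4(External|Internal)-(Addrs|Port):\s*(.+)$", re.I | re.M)

# Constructed sample: a transudpswitch body and a transrespbody body.
SAMPLE_SWITCH = ("Content-Type: application/x-msnmsgr-transudpswitch\r\n"
                 "IPv4ExternalAddrsAndPorts: 79.2.165.233:3939\r\n"
                 "IPv4InternalAddrsAndPorts: 192.168.0.2:3939\r\n")
SAMPLE_RESP = ("Bridge: TCPv1\nListening: true\n"
               "IPv4External-Addrs: 79.2.165.233\nIPv4External-Port: 3973\n"
               "IPv4Internal-Addrs: 192.168.0.2\nIPv4Internal-Port: 3973\n")

def _entry(scope, host, port):
    """Build (scope, ip, port, is_private); None if the address is malformed."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return (scope.lower(), str(ip), int(port) if port.isdigit() else None, ip.is_private)

def find_address_disclosures(slp_text):
    """Return every address the MSNSLP text advertises to the remote peer."""
    found = []
    # Form 1: "IPv4InternalAddrsAndPorts: 192.168.0.2:3939"
    for scope, value in COMBINED.findall(slp_text):
        for pair in value.split():  # assumption: space-separated list
            host, _, port = pair.rpartition(":")
            found.append(_entry(scope, host, port))
    # Form 2: separate "-Addrs" and "-Port" headers
    split = {}
    for scope, kind, value in SPLIT.findall(slp_text):
        split.setdefault(scope.lower(), {})[kind.lower()] = value.strip()
    for scope, parts in split.items():
        for host in parts.get("addrs", "").split():
            found.append(_entry(scope, host, parts.get("port", "")))
    return [f for f in found if f is not None]

def leaks_internal_address(slp_text):
    """True when a private (non-routable) address is disclosed."""
    return any(private for _, _, _, private in find_address_disclosures(slp_text))

if __name__ == "__main__":
    for name, body in (("switch", SAMPLE_SWITCH), ("resp", SAMPLE_RESP)):
        print(name, find_address_disclosures(body), leaks_internal_address(body))
```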

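Vulnerability Advisory

The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to monitor the vendor's home page for the latest version: http://www.microsoft.com/en-us/default.aspx

References

Source: BUGTRAQ

Name: 20081229 MSN messenger sends IP addresses Public and Private

Link: http://www.securityfocus.com/archive/1/archive/1/499624/100/0/threaded

Source: SREASON

Name: 4862

Link: http://securityreason.com/securityalert/4862

Patch

    None available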
