漏洞信息详情

Microsoft Windows 多个平台'smtpsvc.dll'DNS功能输入验证错误漏洞

  • CNNVD编号:CNNVD-201005-108
  • 危害等级: 中危
  • CVE编号: CVE-2010-1690
  • 漏洞类型: 输入验证错误
  • 发布时间: 2010-05-07
  • 威胁类型: 远程
  • 更新时间: 2020-04-10
  • 厂        商: microsoft
  • 漏洞来源:

漏洞简介

Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。

Microsoft Windows 2000、Windows XP、Windows Server 2003、Windows Server 2008、Exchange Server 2003、Exchange Server 2007以及Exchange Server 2010中,smtpsvc.dll的DNS实现不验证响应的交易ID是否与查询请求的交易ID相匹配,受骗用户可以轻易伪造DNS响应。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Security Update for Windows Server 2008 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A -4982-A25C-F3981EDA381A

Microsoft Windows Server 2008 for x64-based Systems R2

Microsoft Security Update for Windows Server 2008 R2 x64 Edition (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=EB27CD2B-D514 -4405-8650-259A42E35155

Microsoft Windows Server 2003 Datacenter x64 Edition SP2

Microsoft Security Update for Windows Server 2003 x64 Edition (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B -4A73-B2E2-9FFFDAFA3927

Microsoft Windows Server 2003 Web Edition SP2

Microsoft Security Update for Windows Server 2003 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4 -4243-9D44-256424D75FEC

Microsoft Windows Server 2003 x64 SP2

Microsoft Security Update for Windows Server 2003 x64 Edition (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B -4A73-B2E2-9FFFDAFA3927

Microsoft Windows Server 2008 for x64-based Systems 0

Microsoft Security Update for Windows Server 2008 x64 Edition (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6 -46FE-9A81-B2813EA6A330

Microsoft Windows 2000 Advanced Server SP4

Microsoft Security Update for Windows 2000 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE -495B-8EEC-D105A970DAA7

3DM Software Disk Management Software SP2

Microsoft Security Update for Windows Server 2003 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4 -4243-9D44-256424D75FEC

Microsoft Windows Server 2003 Standard Edition SP2

Microsoft Security Update for Windows Server 2003 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4 -4243-9D44-256424D75FEC

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Security Update for Windows Server 2008 x64 Edition (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6 -46FE-9A81-B2813EA6A330

Microsoft Windows 2000 Datacenter Server SP4

Microsoft Security Update for Windows 2000 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE -495B-8EEC-D105A970DAA7

Microsoft Windows Server 2008 for 32-bit Systems 0

Microsoft Security Update for Windows Server 2008 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A -4982-A25C-F3981EDA381A

Microsoft Windows 2000 Professional SP4

Microsoft Security Update for Windows 2000 (KB976323)

http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE -495B-8EEC-D105A970DAA7

Microsoft Exchange Server 2003 SP2

Microsoft Security Update for Exchange Server 2003 Service Pack 2 (KB976702)

http://www.microsoft.com/downloads/details.aspx?familyid=bc8391f8-5335 -496b-ad4c-bae38509be4a

参考网址

来源:BID

链接:https://www.securityfocus.com/bid/39910

来源:MISC

链接:http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs

来源:SECTRACK

链接:http://securitytracker.com/id?1023939

来源:BID

链接:http://www.securityfocus.com/bid/39910

来源:FULLDISC

链接:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多