Microsoft Windows DNS Server NAPTR查询远程代码执行漏洞

2011-08-10T00:00:00
ID SSV:20827
Type seebug
Reporter Root
Modified 2011-08-10T00:00:00

Description

Bugtraq ID: 49012 CVE ID:CVE-2011-1966

Microsoft Windows是一款流行的操作系统。 Windows DNS server处理NAPTR (Name Authority Pointer)资源记录的查询存在错误,允许攻击者对设置为非权威DNS服务器进行任意代码执行攻击。 此问题是一个符号扩展漏洞,由于没有对小的负数扩展为大的类型进行正确检查,之后这个大的负值用于memcpy计算堆缓冲区。复制长度始终至少为0x80000000字节长,因此在2+GB可用内存中进行拷贝可导致拷贝操作失败。另外要成功利用漏洞并执行代码需要绕过ASLR,DEP和堆元数据保护。最后攻击者只有三次机会来利用此漏洞,因为服务控制管理器在三次崩溃后就不会再启动

Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Release Candidate Microsoft Windows Server 2008 Standard Edition R2 SP1 Microsoft Windows Server 2008 Standard Edition R2 Microsoft Windows Server 2008 Standard Edition Itanium Microsoft Windows Server 2008 Standard Edition 0 Microsoft Windows Server 2008 Standard Edition - Sp2 Web Microsoft Windows Server 2008 Standard Edition - Sp2 Storage Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc Microsoft Windows Server 2008 Standard Edition - Gold Web Microsoft Windows Server 2008 Standard Edition - Gold Storage Microsoft Windows Server 2008 Standard Edition - Gold Standard Microsoft Windows Server 2008 Standard Edition - Gold Itanium Microsoft Windows Server 2008 Standard Edition - Gold Hpc Microsoft Windows Server 2008 Standard Edition - Gold Enterprise Microsoft Windows Server 2008 Standard Edition - Gold Datacenter Microsoft Windows Server 2008 Standard Edition - Gold Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 0 Microsoft Windows Server 2008 R2 Standard Edition 0 Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium 0 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 0 Microsoft Windows Server 2008 R2 Enterprise Edition 0 Microsoft Windows Server 2008 R2 Datacenter SP1 Microsoft Windows Server 2008 R2 Datacenter 0 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems R2 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition Release Candidate Microsoft Windows Server 2008 Enterprise Edition 0 Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition Release Candidate Microsoft Windows Server 2008 Datacenter Edition 0 Microsoft Windows Server 2008 SP2 Beta Microsoft Windows Server 2008 - Sp2 Enterprise X64 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-058.mspx