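ASP.NET Security Vulnerability and the Workaround for SharePoint
Update 09.29: Microsoft has released a patch. For details see: http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
A few days ago, a security vulnerability in ASP.NET (present in versions 1.0 through 4.0) was disclosed at a security conference. An attacker can use it to retrieve a site's web.config file (which often holds sensitive information such as database connection strings) and to obtain the encrypted data in ViewState.
Microsoft published a workaround two days ago. For SharePoint, the vulnerability affects the following product versions: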
- SharePoint 2010 Server & Foundation
- Office SharePoint Server 2007
- Windows SharePoint Services 3.0 & 2.0
A temporary workaround is as follows:
For SharePoint 2010 (Server & Foundation):
1. Go to the layouts directory on the front-end server (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\template\layouts)
2. Create a file named error2.aspx with the following content:
    <%@ Page Language="C#" AutoEventWireup="true" %>
    <%@ Import Namespace="System.Security.Cryptography" %>
    <%@ Import Namespace="System.Threading" %>

    <script runat="server">
        void Page_Load() {
            // Draw one cryptographically random byte and sleep that many
            // milliseconds (0-255), so every error response carries a random delay.
            byte[] delay = new byte[1];
            RandomNumberGenerator prng = new RNGCryptoServiceProvider();

            prng.GetBytes(delay);
            Thread.Sleep((int)delay[0]);

            // Release the generator if this framework version makes it disposable.
            IDisposable disposable = prng as IDisposable;
            if (disposable != null) { disposable.Dispose(); }
        }
    </script>

    <html>
    <head runat="server">
        <title>Error</title>
    </head>
    <body>
        <div>
            An error occurred while processing your request.
        </div>
    </body>
    </html>
3. Go to the IIS virtual directories folder (%SystemDrive%\inetpub\wwwroot\wss\virtualdirectories)
4. In each site's virtual directory, change the customErrors node in web.config to:
    <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/_layouts/error2.aspx" />
5. Go to the ISAPI directory under the SharePoint Root (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\isapi)
6. Back up the web.config file there, then add the following before <system.web>:
    <system.webServer>
      <handlers>
        <remove name="AssemblyResourceLoader-Integrated-4.0" />
        <remove name="AssemblyResourceLoader-Integrated" />
      </handlers>
    </system.webServer>
7. Restart IIS
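An added check for step 4 (not part of the original post or of Microsoft's guidance): a PowerShell function that parses a web.config and reports whether its customErrors node matches the one shown above. The function name and the sample XML are constructed for illustration. It assumes PowerShell 3.0 or later and a <configuration> root without an XML namespace, and it treats child <error> entries as non-compliant because the node in step 4 has none.

```powershell
# Added example: checks a web.config against the customErrors node from step 4.
function Test-CustomErrorsWorkaround {
    param([Parameter(Mandatory = $true)][string]$ConfigXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    $node = $doc.SelectSingleNode('/configuration/system.web/customErrors')
    $problems = @()

    if ($null -eq $node) {
        $problems += 'customErrors node is missing'
    } else {
        # Values taken from the node shown in step 4; compared case-sensitively.
        $expected = [ordered]@{
            mode            = 'On'
            redirectMode    = 'ResponseRewrite'
            defaultRedirect = '/_layouts/error2.aspx'
        }
        foreach ($name in $expected.Keys) {
            $actual = $node.GetAttribute($name)   # empty string when the attribute is absent
            if ($actual -cne $expected[$name]) {
                $problems += "$name is '$actual', expected '$($expected[$name])'"
            }
        }
        # Assumption: per-status <error> children would bypass the single error page.
        if ($node.SelectNodes('error').Count -gt 0) {
            $problems += 'customErrors has per-status <error> children'
        }
    }
    [pscustomobject]@{ Compliant = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed samples (not from a real farm): a node with errors exposed, and the step 4 node.
$before = '<configuration><system.web><customErrors mode="Off" /></system.web></configuration>'
$after  = '<configuration><system.web><customErrors mode="On" redirectMode="ResponseRewrite" ' +
          'defaultRedirect="/_layouts/error2.aspx" /></system.web></configuration>'
Test-CustomErrorsWorkaround -ConfigXml $before | Format-List
Test-CustomErrorsWorkaround -ConfigXml $after  | Format-List

# On a front-end server, run it over every site's web.config:
# Get-ChildItem "$env:SystemDrive\inetpub\wwwroot\wss\virtualdirectories\*\web.config" |
#     ForEach-Object { Test-CustomErrorsWorkaround -ConfigXml (Get-Content $_.FullName -Raw) }
```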
For SharePoint 2007 (MOSS & WSS 3.0):
1. Go to the ISAPI subdirectory of the 12 directory (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\isapi)
2. Back up the web.config there, then add the following after <customErrors mode="On" />:
    <httpHandlers>
      <remove path="WebResource.axd" verb="GET"/>
    </httpHandlers>
3. Restart IIS
References:
1. Important: ASP.NET Security Vulnerability
2. Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint