Update (09.29): Microsoft has released the patch; details at http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
A security flaw in ASP.NET (present in every version from 1.0 to 4.0) was disclosed at a security conference a few days ago. An attacker can use it to retrieve a site's web.config file (which often holds sensitive information such as database connection strings) and to retrieve the encrypted data in ViewState.
Microsoft published a workaround two days ago. The flaw affects the following SharePoint products:
- SharePoint 2010 Server & Foundation
- Office SharePoint Server 2007
- Windows SharePoint Services 3.0 & 2.0
A temporary workaround follows.
For SharePoint 2010 (Server & Foundation):
1. Go to the layouts directory on the front-end server (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\template\layouts)
2. Create a file named error2.aspx with the following content:
    <%@ Page Language="C#" AutoEventWireup="true" %>
    <%@ Import Namespace="System.Security.Cryptography" %>
    <%@ Import Namespace="System.Threading" %>

    <script runat="server">
        void Page_Load() {
            // Sleep for a random 0-255 ms so the response time of this
            // error page does not reveal which kind of error occurred.
            byte[] delay = new byte[1];
            RandomNumberGenerator prng = new RNGCryptoServiceProvider();

            prng.GetBytes(delay);
            Thread.Sleep((int)delay[0]);

            IDisposable disposable = prng as IDisposable;
            if (disposable != null) { disposable.Dispose(); }
        }
    </script>

    <html>
    <head runat="server">
        <title>Error</title>
    </head>
    <body>
        <div>
            An error occurred while processing your request.
        </div>
    </body>
    </html>
3. Go to the IIS virtual directories (%SystemDrive%\inetpub\wwwroot\wss\virtualdirectories)
4. In each site's virtual directory, change the customErrors node in web.config to:
    <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/_layouts/error2.aspx" />
5. Go to the ISAPI directory under the SharePoint root (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\isapi)
6. Back up the web.config there, then add the following before <system.web>:
    <system.webServer>
        <handlers>
            <remove name="AssemblyResourceLoader-Integrated-4.0" />
            <remove name="AssemblyResourceLoader-Integrated" />
        </handlers>
    </system.webServer>
7. Restart IIS
For SharePoint 2007 (MOSS & WSS 3.0):
1. Go to the ISAPI subdirectory of the 12 directory (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\isapi)
2. Back up the web.config there, then add the following after <customErrors mode="On" />:
    <httpHandlers>
        <remove path="WebResource.axd" verb="GET"/>
    </httpHandlers>
3. Restart IIS
References:
1. Important: ASP.NET Security Vulnerability
2. Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint
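To confirm the edits above actually landed on every file, here is an added audit script (not from the original post or from Microsoft) that parses a web.config and lists which workaround items it is missing. For 2010 the customErrors findings apply to each virtual directory's web.config and the handler finding to the ISAPI web.config; the sample configs in the script are constructed, and the merged 2010 sample is only for brevity.

```python
# Added audit helper, not from the original post; the sample configs below
# are constructed, and the real files are the ones named in the steps above.
import xml.etree.ElementTree as ET

HANDLER_REMOVALS_2010 = {"AssemblyResourceLoader-Integrated-4.0", "AssemblyResourceLoader-Integrated"}

def audit_web_config(xml_text):
    """Report which parts of the MS10-070 workaround a web.config carries."""
    root = ET.fromstring(xml_text)
    ce = root.find("./system.web/customErrors")  # None if the node is absent
    removed = {r.get("name") for r in
               root.findall("./system.webServer/handlers/remove")}
    axd_removed = any(r.get("path") == "WebResource.axd" and r.get("verb") == "GET"
                      for r in root.findall("./system.web/httpHandlers/remove"))
    return {
        # "On" hides error detail from every client, not only remote ones
        "custom_errors_on": ce is not None and ce.get("mode") == "On",
        # ResponseRewrite serves the page in place rather than via a 302
        "response_rewrite": ce is not None and ce.get("redirectMode") == "ResponseRewrite",
        "default_redirect_set": ce is not None and bool(ce.get("defaultRedirect")),
        # 2010 ISAPI web.config: both integrated-pipeline handlers must be gone
        "assembly_resource_loader_removed": HANDLER_REMOVALS_2010 <= removed,
        # 2007 12\isapi web.config: GET on WebResource.axd must be unmapped
        "webresource_axd_removed": axd_removed,
    }

def missing_steps(xml_text, version="2010"):
    """Return the workaround items the file lacks; [] means it is complete."""
    findings = audit_web_config(xml_text)
    required = ["custom_errors_on", "response_rewrite", "default_redirect_set",
                "assembly_resource_loader_removed" if version == "2010"
                else "webresource_axd_removed"]
    return [name for name in required if not findings[name]]

# Constructed: a default-looking config that still shows error detail locally
WEAK_CONFIG = """<configuration>
  <system.web><customErrors mode="RemoteOnly" /></system.web>
</configuration>"""

# Constructed: both 2010 edits merged into one file for brevity
HARDENED_CONFIG = """<configuration>
  <system.webServer><handlers>
    <remove name="AssemblyResourceLoader-Integrated-4.0" />
    <remove name="AssemblyResourceLoader-Integrated" />
  </handlers></system.webServer>
  <system.web>
    <customErrors mode="On" redirectMode="ResponseRewrite"
                  defaultRedirect="/_layouts/error2.aspx" />
  </system.web>
</configuration>"""
```

Run it over each real web.config on every front-end server; a non-empty list from missing_steps names exactly which step was skipped on that file.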