Secunia Advisory: SA26757
Release Date: 2007-09-11
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: Microsoft Windows Server 2003 Datacenter Edition; Microsoft Windows Server 2003 Enterprise Edition; Microsoft Windows Server 2003 Standard Edition; Microsoft Windows Server 2003 Web Edition; Microsoft Windows Storage Server 2003; Microsoft Windows Vista
Software: Microsoft Windows Services for UNIX 3.x
CVE reference: CVE-2007-3036 (Secunia mirror)
Description:
A vulnerability has been reported in Microsoft Windows Services for UNIX, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused by an unspecified error in Windows Services for UNIX and the Subsystem for UNIX-based Applications component when handling connection credentials for setuid binaries. This can be exploited to execute arbitrary code with escalated privileges by running a specially crafted setuid binary.
Successful exploitation requires that Windows Services for UNIX is installed or that the Subsystem for UNIX-based Applications component is enabled (it is disabled by default).
NOTE: According to Microsoft, "limited distribution" of the vulnerability details already exists.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Apply patches.
Windows 2000 SP4 with Windows Services for UNIX 3.0:
http://www.microsoft.com/downloads/de...=557f89fc-c5d9-4405-9007-1654abf92277
Windows 2000 SP4 with Windows Services for UNIX 3.5:
http://www.microsoft.com/downloads/de...=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663
Windows XP SP2 with Windows Services for UNIX 3.0:
http://www.microsoft.com/downloads/de...=557f89fc-c5d9-4405-9007-1654abf92277
Windows XP SP2 with Windows Services for UNIX 3.5:
http://www.microsoft.com/downloads/de...=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663
Windows Server 2003 SP1/SP2 with Windows Services for UNIX 3.0:
http://www.microsoft.com/downloads/de...=557f89fc-c5d9-4405-9007-1654abf92277
Windows Server 2003 SP1/SP2 with Windows Services for UNIX 3.5:
http://www.microsoft.com/downloads/de...=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663
Windows Server 2003 SP1/SP2 with Subsystem for UNIX-based Applications:
http://www.microsoft.com/downloads/de...=8ab5cc43-0b9c-45eb-aa51-47568ab6ce3f
Windows Server 2003 x64 Edition (optionally with SP2) with Subsystem for UNIX-based Applications:
http://www.microsoft.com/downloads/de...=1d21e3e8-b5f6-4044-9db6-054af836492b
Windows Vista with Subsystem for UNIX-based Applications:
http://www.microsoft.com/downloads/de...=4d52e4f4-2888-42df-8163-85c648e65b29
Windows Vista x64 Edition with Subsystem for UNIX-based Applications:
http://www.microsoft.com/downloads/de...=4be667cc-c239-480b-a9a0-939bcd27f0de
Provided and/or discovered by:
Reported as a 0-day.
Original Advisory:
MS07-053 (KB939778):
http://www.microsoft.com/technet/security/Bulletin/MS07-053.mspx
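The advisory states two facts an administrator can act on: the issue only matters where Services for UNIX 3.x is installed or the Subsystem for UNIX-based Applications is enabled, and the fix ships as KB939778 (MS07-053). The PowerShell script below is an added example for auditing a host against both facts; it is not part of the Secunia advisory or of Microsoft's bulletin. The KB number comes from the advisory; the optional-feature name SUA, the psxss.exe path and the Services for UNIX registry key are this example's assumptions about where the two components leave traces, and should be confirmed against a known installation before the script is trusted in an inventory.

```powershell
# Added example, not from Secunia or Microsoft: audit one host for MS07-053 exposure.
# Assumptions (labelled): the feature name 'SUA', the psxss.exe location and the
# registry key below are assumed indicators of SUA/SFU presence; only KB939778 is
# taken from the advisory itself.

$Kb = 'KB939778'

function Test-SuaInstalled {
    # The POSIX/SUA subsystem server; assumed to exist only when the component is enabled.
    $psxss = Join-Path $env:SystemRoot 'System32\psxss.exe'
    if (Test-Path $psxss) { return $true }

    # Vista and later expose optional components through WMI; 'SUA' is the assumed
    # feature name and InstallState 1 means the feature is enabled.
    try {
        $feat = Get-WmiObject -Class Win32_OptionalFeature -Filter "Name='SUA'" -ErrorAction Stop
        if ($feat -and $feat.InstallState -eq 1) { return $true }
    } catch {
        # Win32_OptionalFeature is absent on Windows Server 2003; fall through to $false.
    }
    return $false
}

function Test-SfuInstalled {
    # Assumed registry location written by the Services for UNIX 3.x installer.
    return (Test-Path 'HKLM:\SOFTWARE\Microsoft\Services for UNIX')
}

function Test-PatchApplied {
    param([string]$Id)
    # Get-HotFix queries Win32_QuickFixEngineering; nothing is returned when the update is absent.
    $fix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return [bool]$fix
}

$exposed = (Test-SuaInstalled) -or (Test-SfuInstalled)
$patched = Test-PatchApplied -Id $Kb

if (-not $exposed) {
    "No UNIX subsystem found (SFU 3.x or SUA): host is outside the scope of MS07-053."
} elseif ($patched) {
    "UNIX subsystem present and $Kb is installed: host is patched."
} else {
    "UNIX subsystem present and $Kb is missing: apply the MS07-053 update."
}
```

Run it in an elevated PowerShell session on each host that could carry the component. A host where the subsystem is present but the hotfix is missing is the only combination the advisory describes as exploitable, so that is the line worth alerting on in a fleet-wide sweep.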
Source: http://secunia.com/advisories/26757/