SecurityTracker.com
Category:   Application (Generic)  >   Windows Services for UNIX
Vendors:   Microsoft
Windows Services for UNIX Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1018678
SecurityTracker URL:  http://securitytracker.com/id/1018678
CVE Reference:   CVE-2007-3036
Date:  Sep 11 2007
Impact:   Root access via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.0, 3.5
Description:   A vulnerability was reported in Windows Services for UNIX. A local user can obtain elevated privileges on the target system.

The software does not properly process set user id (setuid) binary files. A local user can invoke one of the binaries to execute arbitrary commands on the target system with elevated privileges.

Brian A. Reiter of WolfeReiter reported this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.

[Editor's note: The advisory did not indicate the extent of privilege escalation.]

Solution:   The vendor has issued the following fixes:

Windows Services for UNIX 3.0:

http://www.microsoft.com/downloads/details.aspx?FamilyId=557f89fc-c5d9-4405-9007-1654abf92277

Windows Services for UNIX 3.5:

http://www.microsoft.com/downloads/details.aspx?FamilyId=70ae23c2-3ae8-4ea6-ba8d-8ac7e4f82663

Subsystem for UNIX-based Applications:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8ab5cc43-0b9c-45eb-aa51-47568ab6ce3f

Subsystem for UNIX-based Applications:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1d21e3e8-b5f6-4044-9db6-054af836492b

Subsystem for UNIX-based Applications:

http://www.microsoft.com/downloads/details.aspx?FamilyId=4d52e4f4-2888-42df-8163-85c648e65b29

Subsystem for UNIX-based Applications:

http://www.microsoft.com/downloads/details.aspx?FamilyId=4be667cc-c239-480b-a9a0-939bcd27f0de

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms07-053.mspx
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (Vista), Windows (XP)

Message History:   None.



Copyright 2021, SecurityGlobal.net LLC