Windows : Microsoft Bulletins : Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.801723

Kategorie: Windows : Microsoft Bulletins

Titel: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS07-053.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS07-053.

Vulnerability Insight:
The flaw is due to an unspecified error in Windows Services for UNIX
and the Subsystem for UNIX-based Applications component when handling connection
credentials for setuid binaries.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code with
escalated privileges by running a specially crafted setuid binary.

Affected Software/OS:
- Microsoft Windows XP Service Pack 2 and prior

- Microsoft Windows 2000 ervice Pack 4 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 25620
Common Vulnerability Exposure (CVE) ID: CVE-2007-3036
http://www.securityfocus.com/bid/25620
Cert/CC Advisory: TA07-254A
http://www.us-cert.gov/cas/techalerts/TA07-254A.html
CERT/CC vulnerability note: VU#768440
http://www.kb.cert.org/vuls/id/768440
Microsoft Security Bulletin: MS07-053
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-053
http://www.osvdb.org/36935
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1275
http://securitytracker.com/id?1018678
http://secunia.com/advisories/26757
http://www.vupen.com/english/advisories/2007/3115

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.801723
Kategorie:	Windows : Microsoft Bulletins
Titel:	Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS07-053.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS07-053. Vulnerability Insight: The flaw is due to an unspecified error in Windows Services for UNIX and the Subsystem for UNIX-based Applications component when handling connection credentials for setuid binaries. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code with escalated privileges by running a specially crafted setuid binary. Affected Software/OS: - Microsoft Windows XP Service Pack 2 and prior - Microsoft Windows 2000 ervice Pack 4 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 25620 Common Vulnerability Exposure (CVE) ID: CVE-2007-3036 http://www.securityfocus.com/bid/25620 Cert/CC Advisory: TA07-254A http://www.us-cert.gov/cas/techalerts/TA07-254A.html CERT/CC vulnerability note: VU#768440 http://www.kb.cert.org/vuls/id/768440 Microsoft Security Bulletin: MS07-053 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-053 http://www.osvdb.org/36935 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1275 http://securitytracker.com/id?1018678 http://secunia.com/advisories/26757 http://www.vupen.com/english/advisories/2007/3115
Copyright	Copyright (C) 2011 Greenbone Networks GmbH