- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerability in Windows Services for UNIX Allows Elevation of Privilege
(MS07-053)
------------------------------------------------------------------------
SUMMARY
A vulnerability exists in Windows Services for UNIX 3.0, Windows Services
for UNIX 3.5, and Subsystem for UNIX-based Applications where running
certain setuid binary files could allow an attacker to gain elevation of
privilege.
DETAILS
Affected Software:
* Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2
* Window Vista
* Windows Vista x64 Edition
Non-affected Software:
* Windows Services for UNIX 1.0
* Windows Services for UNIX 2.0
* Windows Services for UNIX 2.1
* Windows Services for UNIX 2.2
Windows Services for UNIX Could Allow Elevation of Privilege:
A vulnerability exists in Windows Services for UNIX 3.0, Windows Services
for UNIX 3.5, and Subsystem for UNIX-based Applications where running
certain setuid binary files could allow an attacker to gain elevation of
privilege. An attacker who successfully exploited this vulnerability could
gain elevation of privilege.
To view this vulnerability as a standard entry in the Common
Vulnerabilities and Exposures list, see
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3036>
CVE-2007-3036.
Mitigating Factors for Windows Services for UNIX Could Allow Elevation of
Privilege:
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state that could reduce the severity
of exploitation of vulnerability. The following mitigating factors may be
helpful in your situation:
* Default configurations of Windows 2000 Service Pack 4, Windows XP
Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server
2003 Service Pack 2 do not include Windows Services for UNIX 3.0 and
Windows Services for UNIX 3.5. Windows Services for UNIX 3.0 and Windows
Services for UNIX 3.5. may be optionally installed on Windows 2000 Service
Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and
Windows Server 2003 Service Pack 2. Windows Vista and Windows Server 2003
do not have Subsystem for UNIX-based Applications enabled by default.
Subsystem for UNIX-based Applications is an optional Windows component for
Windows Vista and Windows Server 2003.
Workarounds for Windows Services for UNIX Could Allow Elevation of
Privilege:
Microsoft has not identified any workarounds for this vulnerability.
FAQ for Windows Services for UNIX Could Allow Elevation of Privilege:
What is the scope of the vulnerability?
An elevation of privilege vulnerability exists in Windows Services for
UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based
Applications where running certain setuid binary files that could allow an
attacker to gain elevation of privilege. An attacker who successfully
exploited this vulnerability could gain elevation of privilege. An
attacker could then install programs or view, change, or delete data.
What causes the vulnerability?
Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and
Subsystem for UNIX-based Applications incorrectly handles setuid binary
files.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could gain
elevation of privilege on an affected system. Users whose accounts are
configured to have fewer user rights on the guest operating system are not
less impacted than users who operate with administrative user rights on
the guest operating system.
How could an attacker exploit the vulnerability?
An attacker would have to log on locally to an affected system and run
certain setuid binary files. Or an attacked would have to convince users
to run certain setuid binary files.
What is setuid?
Users of client computers can set the setuid
(set-user-identifier-on-execution) bit for a file. An executable file
which has the setuid bit set will execute under the user ID of the file's
owner, not the user ID of the user who is executing the file.
What systems are primarily at risk from the vulnerability?
Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server
2003 Service Pack 1, and Windows Server 2003 Service Pack where Windows
Services for UNIX 3.0 or Windows Services for UNIX 3.5 is installed.
Windows Server 2003 R2 as an extension of Windows Server 2003. Windows
Vista where Subsystem for UNIX-based Applications is enabled.
What does the update do?
The update removes the vulnerability by correctly handling connection
credentials for setuid binary files.
When this security bulletin was issued, had this vulnerability been
publicly disclosed?
Yes. This vulnerability has been publicly disclosed with limited
distribution.
ADDITIONAL INFORMATION
The information has been provided by Microsoft Security Bulletin MS07-053.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx>
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment