Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0894 | First vendor Publication | 2005-01-10 |
Vendor | Cve | Last vendor Modification | 2019-04-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0894 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1888 | |||
Oval ID: | oval:org.mitre.oval:def:1888 | ||
Title: | LSASS Privilege Escalation Vulnerability (64-bit Server 2003) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2062 | |||
Oval ID: | oval:org.mitre.oval:def:2062 | ||
Title: | LSASS Privilege Escalation Vulnerability (64-bit XP, SP1) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:3312 | |||
Oval ID: | oval:org.mitre.oval:def:3312 | ||
Title: | LSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 1 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3325 | |||
Oval ID: | oval:org.mitre.oval:def:3325 | ||
Title: | LSASS Privilege Escalation Vulnerability (32-bit XP, SP1) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4368 | |||
Oval ID: | oval:org.mitre.oval:def:4368 | ||
Title: | LSASS Privilege Escalation Vulnerability (32-bit XP, SP2) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:778 | |||
Oval ID: | oval:org.mitre.oval:def:778 | ||
Title: | LSASS Privilege Escalation Vulnerability (Windows 2000) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12376 | Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation The Microsoft Windows operating system contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the validation of identity tokens within the Local Security Authority Subsystem Service (LSASS.) This flaw may lead to a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-12-14 | Name : Local users can elevate their privileges on the remote host. File : smb_nt_ms04-044.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:25 |
|
2021-04-22 01:02:34 |
|
2020-05-23 00:15:54 |
|
2019-04-30 21:19:18 |
|
2018-10-13 00:22:30 |
|
2017-10-11 09:23:24 |
|
2017-07-11 12:01:31 |
|
2016-04-26 12:53:58 |
|
2014-02-17 10:28:06 |
|
2013-05-11 11:43:16 |
|