Executive Summary
Informations | |||
---|---|---|---|
Name | MS04-044 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1321 | |||
Oval ID: | oval:org.mitre.oval:def:1321 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (NT 4.0) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 3 |
Platform(s): | Microsoft Windows NT | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1561 | |||
Oval ID: | oval:org.mitre.oval:def:1561 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (Windows 2000) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1581 | |||
Oval ID: | oval:org.mitre.oval:def:1581 | ||
Title: | Suppressed Test OVAL1581 (Identical to OVAL4458) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1886 | |||
Oval ID: | oval:org.mitre.oval:def:1886 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (32-bit XP,SP1) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1888 | |||
Oval ID: | oval:org.mitre.oval:def:1888 | ||
Title: | LSASS Privilege Escalation Vulnerability (64-bit Server 2003) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2008 | |||
Oval ID: | oval:org.mitre.oval:def:2008 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (64-bit XP) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2062 | |||
Oval ID: | oval:org.mitre.oval:def:2062 | ||
Title: | LSASS Privilege Escalation Vulnerability (64-bit XP, SP1) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:3312 | |||
Oval ID: | oval:org.mitre.oval:def:3312 | ||
Title: | LSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 1 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3325 | |||
Oval ID: | oval:org.mitre.oval:def:3325 | ||
Title: | LSASS Privilege Escalation Vulnerability (32-bit XP, SP1) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 4 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4021 | |||
Oval ID: | oval:org.mitre.oval:def:4021 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (NT Terminal Server) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 2 |
Platform(s): | Microsoft Windows NT | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4368 | |||
Oval ID: | oval:org.mitre.oval:def:4368 | ||
Title: | LSASS Privilege Escalation Vulnerability (32-bit XP, SP2) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4458 | |||
Oval ID: | oval:org.mitre.oval:def:4458 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (Server 2003) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 1 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:450 | |||
Oval ID: | oval:org.mitre.oval:def:450 | ||
Title: | Windows Kernel LPC Privilege Escalation Vulnerability (32-bit XP,SP2) | ||
Description: | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0893 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Windows kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:778 | |||
Oval ID: | oval:org.mitre.oval:def:778 | ||
Title: | LSASS Privilege Escalation Vulnerability (Windows 2000) | ||
Description: | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0894 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Local Security Authority Subsystem Service (LSASS) |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12376 | Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation The Microsoft Windows operating system contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the validation of identity tokens within the Local Security Authority Subsystem Service (LSASS.) This flaw may lead to a loss of confidentiality. |
12372 | Microsoft Windows Kernel Application Launch Local Privilege Escalation Microsoft WIndows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unchecked buffer in the handling of data sent through a Local Procedure Call (LPC) port, allowing an attacker to trigger an overflow leading to arbitrary code execution with escalated priveleges. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-12-14 | Name : Local users can elevate their privileges on the remote host. File : smb_nt_ms04-044.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:05 |
|