6.9 - MS07-053

Executive Summary

Summary
Title	Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Informations
Name	MS07-053	First vendor Publication	2007-09-11
Vendor	Microsoft	Last vendor Modification	2007-09-11
Severity (Vendor)	Important	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This important security update resolves one publicly disclosed vulnerability. A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1275

Oval ID:	oval:org.mitre.oval:def:1275
Title:	Windows Services for UNIX Could Allow Elevation of Privilege
Description:	Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-3036	Version:	1
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
POSIX is enabled AND UNIX 3.0 version on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Microsoft Windows 2000 SP4 is installed AND Microsoft Windows XP, SP2 is installed AND Microsoft Windows Server 2003 (x86) SP1 is installed AND Microsoft Windows Server 2003 (x86) SP2 is installed AND the version of psxss.exe is less than 7.0.1701.46 AND The major version of Psxss.exe 7. the version of psxss.exe is greater than or equal to 7. AND The version of Psxss.exe is less than 8. OR UNIX 3.5 version on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Microsoft Windows 2000 SP4 is installed AND Microsoft Windows XP, SP2 is installed AND Microsoft Windows Server 2003 (x86) SP1 is installed AND Microsoft Windows Server 2003 (x86) SP2 is installed AND the version of psxss.exe is less than 8.0.1969.58 AND the version of psxss.exe starts with 8 AND The major version of Psxss.exe 8. the version of psxss.exe is greater than or equal to 8. AND The version of Psxss.exe is less than 9. OR Windows Server 2003 SP1 Microsoft Windows Server 2003 (x86) SP1 is installed AND the version of psxss.exe is less than 9.0.3790.2983 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Server 2003 SP2 Microsoft Windows Server 2003 (x86) SP2 is installed AND the version of psxss.exe is less than 9.0.3790.4125 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Server 2003 SP1 (x64) Microsoft Windows Server 2003 (x64) SP1 is installed AND the version of psxss.exe is less than 9.0.3790.2983 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Server 2003 SP2 (x64) Microsoft Windows Server 2003 (x64) SP2 is installed AND the version of psxss.exe is less than 9.0.3790.4125 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Vista Microsoft Windows Vista (x86) is installed AND the version of psxss.exe is less than 6.0.6000.20660 AND The major version of Psxss.exe 6. the version of psxss.exe is greater than or equal to 6. AND The version of Psxss.exe is less than 7.

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Windows Services For Unix cpe:2.3:a:microsoft:windows_services_for_unix:3.5:::::::* cpe:2.3:a:microsoft:windows_services_for_unix:3.0:::::::*	2

OpenVAS Exploits

Date	Description
2011-01-18	Name : Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege... File : nvt/gb_ms07-053.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
36935	Microsoft Windows Services for UNIX Local Privilege Escalation Microsoft Windows Services for Unix contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when running a specially crafted setuid binary. Exact details of this condition have been withheld. This flaw may lead to a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2007-09-11	Name : A local user can elevate his privileges. File : smb_nt_ms07-053.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:45:46	Multiple Updates
2013-05-11 12:22:03	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	2
osvdb(s)	1
Openvas Exploit(s)	1
Nessus® Exploit(s)	1

	Related
6.9	VU#768440
6.9	CVE-2007-3036
0	HPSBST02260 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

6.9 - MS07-053

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU