6.9 - VU#768440

Executive Summary

Summary
Title	Microsoft Windows Services for UNIX privilege escalation vulnerability

Informations
Name	VU#768440	First vendor Publication	2007-09-12
Vendor	VU-CERT	Last vendor Modification	2007-09-12
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#768440

Microsoft Windows Services for UNIX privilege escalation vulnerability

Overview

Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges.

I. Description

Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a specially crafted setuid binary file.

For more information, please see Microsoft Security Bulletin MS07-053.

II. Impact

A local, authenticated attacker may be able to gain elevated privileges on a vulnerable system.

III. Solution

Microsoft has released updates in Microsoft Security Bulletin MS07-053 to address this issue.

Systems Affected

Vendor	Status	Date Updated
Microsoft Corporation	Vulnerable	12-Sep-2007

References

http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
http://secunia.com/advisories/26757/

Credit

This vulnerability was reported in Microsoft Security Bulletin MS07-053. Microsoft thanks Brian Reiter of WolfeReiter for reporting the vulnerability to them.

This document was written by Katie Steiner.

Other Information

Date Public	09/11/2007
Date First Published	09/12/2007 08:06:53 AM
Date Last Updated	09/12/2007
CERT Advisory
CVE Name	CVE-2007-3036
Metric	0.37
Document Revision	10

Original Source

Url : http://www.kb.cert.org/vuls/id/768440

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1275

Oval ID:	oval:org.mitre.oval:def:1275
Title:	Windows Services for UNIX Could Allow Elevation of Privilege
Description:	Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-3036	Version:	1
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
POSIX is enabled AND UNIX 3.0 version on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Microsoft Windows 2000 SP4 is installed AND Microsoft Windows XP, SP2 is installed AND Microsoft Windows Server 2003 (x86) SP1 is installed AND Microsoft Windows Server 2003 (x86) SP2 is installed AND the version of psxss.exe is less than 7.0.1701.46 AND The major version of Psxss.exe 7. the version of psxss.exe is greater than or equal to 7. AND The version of Psxss.exe is less than 8. OR UNIX 3.5 version on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1 and Windows Server 2003 SP2 Microsoft Windows 2000 SP4 is installed AND Microsoft Windows XP, SP2 is installed AND Microsoft Windows Server 2003 (x86) SP1 is installed AND Microsoft Windows Server 2003 (x86) SP2 is installed AND the version of psxss.exe is less than 8.0.1969.58 AND the version of psxss.exe starts with 8 AND The major version of Psxss.exe 8. the version of psxss.exe is greater than or equal to 8. AND The version of Psxss.exe is less than 9. OR Windows Server 2003 SP1 Microsoft Windows Server 2003 (x86) SP1 is installed AND the version of psxss.exe is less than 9.0.3790.2983 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Server 2003 SP2 Microsoft Windows Server 2003 (x86) SP2 is installed AND the version of psxss.exe is less than 9.0.3790.4125 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Server 2003 SP1 (x64) Microsoft Windows Server 2003 (x64) SP1 is installed AND the version of psxss.exe is less than 9.0.3790.2983 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Server 2003 SP2 (x64) Microsoft Windows Server 2003 (x64) SP2 is installed AND the version of psxss.exe is less than 9.0.3790.4125 AND The major version of Psxss.exe 9. the version of psxss.exe is greater than or equal to 9. AND The version of Psxss.exe is less than 10. OR Windows Vista Microsoft Windows Vista (x86) is installed AND the version of psxss.exe is less than 6.0.6000.20660 AND The major version of Psxss.exe 6. the version of psxss.exe is greater than or equal to 6. AND The version of Psxss.exe is less than 7.

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Windows Services For Unix cpe:2.3:a:microsoft:windows_services_for_unix:3.5:::::::* cpe:2.3:a:microsoft:windows_services_for_unix:3.0:::::::*	2

OpenVAS Exploits

Date	Description
2011-01-18	Name : Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege... File : nvt/gb_ms07-053.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
36935	Microsoft Windows Services for UNIX Local Privilege Escalation Microsoft Windows Services for Unix contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when running a specially crafted setuid binary. Exact details of this condition have been withheld. This flaw may lead to a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2007-09-11	Name : A local user can elevate his privileges. File : smb_nt_ms07-053.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-04-26 18:27:52	Multiple Updates
2015-05-08 13:28:08	Multiple Updates
2013-05-11 12:26:44	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	2
osvdb(s)	1
Openvas Exploit(s)	1
Nessus® Exploit(s)	1

	Related
10	VU#611008
6.9	MS07-053
6.9	CVE-2007-3036
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)