CVE-2001-0349
CVSS 7.2
Published: 2001-07-21 00:00:00
Revised: 2008-09-05 16:23:53
NMCOS    

[Original] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.


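[CNNVD] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability (CNNVD-200107-144)

        The Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not verify them. A local user can exploit this by creating a named pipe with the predictable name and associating a malicious program with it to execute arbitrary commands. This is the first of two variants of this vulnerability.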

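- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links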

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0349
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0349
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-144
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/587587
(UNKNOWN)  CERT-VN  VU#587587
http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
(VENDOR_ADVISORY)  MS  MS01-031
http://xforce.iss.net/xforce/xfdb/6664
(UNKNOWN)  XF  win2k-telnet-pipe-privileges(6664)
http://www.securityfocus.com/bid/2849
(UNKNOWN)  BID  2849

- Vulnerability information

Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
High risk  Access validation error
2001-07-21 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        Microsoft has released a patch for Windows 2000 Advanced Server, Professional and Server which rectifies this issue. Microsoft has advised that Windows 2000 Datacenter Server patches are hardware specific and should be obtained from the original equipment manufacturer.
        Microsoft Windows 2000 Professional
        
        Microsoft Windows 2000 Server SP2
        
        Microsoft Windows 2000 Advanced Server SP1
        
        Microsoft Windows 2000 Server SP1
        
        Microsoft Windows 2000 Advanced Server SP2
        
        Microsoft Windows 2000 Professional SP2
        
        Microsoft Windows 2000 Advanced Server
        
        Microsoft Windows 2000 Professional SP1
        
        Microsoft Windows 2000 Server
        

- Vulnerability information

13475
Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant

- Vulnerability description

Unknown or Incomplete

- Timeline

2001-06-08 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
Access Validation Error 2849
Yes No
2001-06-08 12:00:00 2009-07-11 06:56:00
Posted in a Microsoft Security Bulletin MS01-031 on June 7, 2001.

- Affected software versions

Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

- Discussion

A vulnerability exists in the way the Windows 2000 telnet service handles server-side named pipes and in the predictable names it uses for those pipes.

Because the names of the server-side named pipes are predictable, any local user who is able to run a program can create a server-side named pipe and assume the security context of the system service. If the telnet service is started after arbitrary code has been attached to the appropriate named pipe, the code will be run in the Local System context as part of the initialization process.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
