CVE-2004-0208
CVSS 7.2
Published: 2004-11-03 00:00:00
Last modified: 2016-10-17 22:41:52

[Original] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modifies some system structures in a way that is not properly validated by privileged operating system functions.


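[CNNVD] Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability (CNNVD-200411-010)

        A vulnerability exists in the Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. A local user can use a malicious program to access kernel memory and gain privileges; the malicious program modifies some system structures in a way that is not properly validated by privileged operating system functions.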

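- CVSS (Base Score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be totally compromised]
Availability impact: COMPLETE [may result in a total shutdown of the system]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected platforms and products)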

cpe:/o:microsoft:windows_2000    Microsoft Windows 2000
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_nt:4.0    Microsoft Windows NT 4.0
cpe:/o:microsoft:windows_xp::gold    Microsoft windows xp_gold

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:4762    Windows NT Terminal Server VDM Privilege Escalation Vulnerability
oval:org.mitre.oval:def:4316    Windows 2000 VDM Privilege Escalation Vulnerability
oval:org.mitre.oval:def:3953    Windows NT VDM Privilege Escalation Vulnerability
oval:org.mitre.oval:def:3161    Windows XP VDM Privilege Escalation Vulnerability
oval:org.mitre.oval:def:1751    Windows XP/Server 2003 (64-Bit) VDM Privilege Escalation Vulnerability
* OVAL describes in detail how to detect this vulnerability; further technical details on detection can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0208
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0208
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-010
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109772135404427&w=2
(UNKNOWN)  BUGTRAQ  20041013 EEYE: Windows VDM #UD Local Privilege Escalation
http://www.kb.cert.org/vuls/id/910998
(VENDOR_ADVISORY)  CERT-VN  VU#910998
http://www.microsoft.com/technet/security/bulletin/ms04-032.asp
(VENDOR_ADVISORY)  MS  MS04-032
http://xforce.iss.net/xforce/xfdb/16580
(VENDOR_ADVISORY)  XF  win-vdm-gain-privilege(16580)
http://xforce.iss.net/xforce/xfdb/17658
(VENDOR_ADVISORY)  XF  win-ms04032-patch(17658)

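- Vulnerability information

Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability
High risk  Access validation error
2004-11-03 00:00:00 2005-10-20 00:00:00
Local
        A vulnerability exists in the Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. A local user can use a malicious program to access kernel memory and gain privileges; the malicious program modifies some system structures in a way that is not properly validated by privileged operating system functions.

- Advisories and patches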

        Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to follow Microsoft's guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details:
        http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()
        Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system.
        Microsoft Windows NT Server 4.0 SP6a
        Microsoft Windows NT Terminal Server 4.0 SP6a
        Microsoft Windows NT Terminal Server 4.0 SP6
        Microsoft Windows XP Professional
        Microsoft Windows NT Workstation 4.0 SP6a
        Microsoft Windows XP 64-bit Edition SP1
        Microsoft Windows 2000 Advanced Server SP4
        Microsoft Windows 2000 Professional SP3
        Microsoft Windows 2000 Datacenter Server SP4
        Microsoft Windows XP Home
        Microsoft Windows 2000 Advanced Server SP3
        Microsoft Windows XP Home SP1
        Microsoft Windows 2000 Datacenter Server SP3
        Microsoft Windows 2000 Server SP3
        Microsoft Windows XP 64-bit Edition Version 2003
        Microsoft Windows NT Enterprise Server 4.0 SP6a
        Microsoft Windows 2000 Server SP4
        Microsoft Windows 2000 Professional SP4
        Microsoft Windows XP Professional SP1

- Vulnerability information

10691
Microsoft Windows Virtual DOS Machine Subsystem Local Privilege Escalation
Local Access Required Authentication Management
Loss of Integrity
Vendor Verified

- Vulnerability description

Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because a portion of the Windows kernel that handles 16-bit code within a Virtual DOS Machine gives a special opcode byte sequence special treatment during relay to the 32-bit host code. With a specially crafted request, an attacker could use this to leverage increased privileges on the system.

- Timeline

2004-10-12 Unknown
Unknown 2004-10-12

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related references

- Vulnerability credit

- Vulnerability information

Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability
Access Validation Error 11369
No Yes
2004-10-12 12:00:00 2008-12-10 10:01:00
Discovery is credited to eEye Digital Security.

- Affected software versions

Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0 SP6a
+ Avaya DefinityOne Media Servers
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
+ Avaya S8100 Media Servers 0
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Avaya S8100 Media Servers R7
Avaya S8100 Media Servers R6
Avaya S8100 Media Servers R12
Avaya S8100 Media Servers R11
Avaya S8100 Media Servers R10
Avaya S8100 Media Servers 0
+ Microsoft Windows 2000 Server
+ Microsoft Windows NT Server 4.0 SP6a
Avaya S3400 Message Application Server 0
+ Microsoft Windows 2000 Server
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya IP600 Media Servers R9
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R12
Avaya IP600 Media Servers R11
Avaya IP600 Media Servers R10
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers R9
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R6
Avaya DefinityOne Media Servers R12
Avaya DefinityOne Media Servers R11
Avaya DefinityOne Media Servers R10
Avaya DefinityOne Media Servers
Microsoft Windows XP Professional SP2
Microsoft Windows XP Home SP2

- Unaffected software versions

Microsoft Windows XP Professional SP2
Microsoft Windows XP Home SP2

- Vulnerability discussion

Microsoft Windows Kernel Virtual DOS Machine is reported prone to a local privilege-escalation vulnerability.

The Microsoft Virtual DOS Machine (VDM) is a protected environment that emulates MS-DOS on Windows NT-based operating systems. This issue is caused by an access-validation error. A local attacker can exploit this vulnerability to gain elevated privileges on a vulnerable computer.

- Exploit

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- Solution

Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system.

Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows XP Professional
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows XP Home
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows XP Home SP1
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Server SP3
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows XP Professional SP1

- Related references

 

 
