Credit:
The information has been provided by Microsoft Security Bulletin MS07-053.
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
Affected Software:
* Windows 2000 Service Pack 4
* Windows XP Service Pack 2
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
* Windows Vista
* Windows Vista x64 Edition
Non-affected Software:
* Windows Services for UNIX 1.0
* Windows Services for UNIX 2.0
* Windows Services for UNIX 2.1
* Windows Services for UNIX 2.2
Windows Services for UNIX Could Allow Elevation of Privilege:
A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications in which running certain setuid binary files could allow an attacker to gain elevation of privilege.
To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-3036.
Mitigating Factors for Windows Services for UNIX Could Allow Elevation of Privilege:
Mitigation refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:
* Default configurations of Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 do not include Windows Services for UNIX 3.0 and Windows Services for UNIX 3.5. Windows Services for UNIX 3.0 and Windows Services for UNIX 3.5 may be optionally installed on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows Vista and Windows Server 2003 do not have Subsystem for UNIX-based Applications enabled by default. Subsystem for UNIX-based Applications is an optional Windows component for Windows Vista and Windows Server 2003.
Workarounds for Windows Services for UNIX Could Allow Elevation of Privilege:
Microsoft has not identified any workarounds for this vulnerability.
FAQ for Windows Services for UNIX Could Allow Elevation of Privilege:
What is the scope of the vulnerability?
An elevation of privilege vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications in which running certain setuid binary files could allow an attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could then install programs or view, change, or delete data.
What causes the vulnerability?
Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications incorrectly handle setuid binary files.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. Users whose accounts are configured to have fewer user rights on the guest operating system are not less impacted than users who operate with administrative user rights on the guest operating system.
How could an attacker exploit the vulnerability?
An attacker would have to log on locally to an affected system and run certain setuid binary files, or would have to convince users to run certain setuid binary files.
What is setuid?
Users of client computers can set the setuid (set-user-identifier-on-execution) bit for a file. An executable file which has the setuid bit set will execute under the user ID of the file's owner, not the user ID of the user who is executing the file.
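Because exposure depends on which setuid binaries exist on a system, an inventory of them is a useful first check. The following is an added example, not part of the bulletin: it assumes a POSIX-style environment where Python's os.lstat reports mode bits, and the function names find_setuid and build_sample_tree and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def find_setuid(root):
    """Return one record per regular file under root that has the setuid bit set."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable or vanished entry
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            findings.append({
                "path": path,
                "owner_uid": st.st_uid,  # identity the program executes under
                "mode": stat.filemode(st.st_mode),
                # Anyone able to rewrite the file controls code run as the owner.
                "loosely_writable": bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed sample tree: one plain file and two setuid files."""
    root = tempfile.mkdtemp(prefix="setuid-audit-")
    for name, mode in (("plain", 0o755), ("suid_ok", 0o4755), ("suid_loose", 0o4777)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)  # set the mode after writing so the bit is kept
    return root


if __name__ == "__main__":
    for f in find_setuid(build_sample_tree()):
        flag = "  <-- writable by group/other" if f["loosely_writable"] else ""
        print(f'{f["mode"]} uid={f["owner_uid"]} {f["path"]}{flag}')
```

Pointing find_setuid at a real directory tree instead of the sample tree gives the list of binaries to review once the update is applied.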
What systems are primarily at risk from the vulnerability?
Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack where Windows Services for UNIX 3.0 or Windows Services for UNIX 3.5 is installed. Windows Server 2003 R2 as an extension of Windows Server 2003. Windows Vista where Subsystem for UNIX-based Applications is enabled.
What does the update do?
The update removes the vulnerability by correctly handling connection credentials for setuid binary files.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
Yes. This vulnerability has been publicly disclosed with limited distribution.