Vulnerability In Windows Services For UNIX Could Allow Elevation Of Privilege (939778) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-053.

Impact

Successful exploitation allows remote attackers to execute arbitrary code with escalated privileges by running a specially crafted setuid binary. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Insight

The flaw is due to an unspecified error in Windows Services for UNIX and the Subsystem for UNIX-based Applications component when handling connection credentials for setuid binaries.

Affected

Microsoft Windows XP Service Pack 2 and prior. Microsoft Windows 2000 ervice Pack 4 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Microsoft Windows Vista

References

http://osvdb.org/36935
http://secunia.com/advisories/26757
http://securitytracker.com/alerts/2007/Sep/1018678.html
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3036
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft FrontPage Information Disclosure Vulnerability (2825621)
Microsoft Graphics Component Information Disclosure Vulnerability (3029944)
Microsoft Window Audio Service Privilege Escalation Vulnerability (3005607)
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
Microsoft Security Bulletin MS06-056

Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Take action and discover your vulnerabilities