微点交流论坛

标题: Microsoft Windows Services for UNIX权限扩大 [打印本页]

作者: pioneer 时间: 2007-9-12 14:06 标题: Microsoft Windows Services for UNIX权限扩大

来源

secunia.com

操作系统

Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista

描述

这可导致恶意的本地用户夺权（扩大权限）Windows Services for UNIX 和基于UNIX的subsystem应用程序组件在处理连接到二进制setuid证书时的不确定错误可通过运行一个特定的二进制的setuid来导致执行扩大权限的任意代码执行成功需要Microsoft Windows Services for UNIX和基于UNIX的subsystem应用程序组件可以使用（缺省时为不可用）注意：根据微软的解释，“受限制的分配”这个漏洞已经存在

解决方案

应用补丁
Windows 2000 SP4 with Windows Services for UNIX 3.0:
http://www.microsoft.com/downloa ... 5-9007-1654abf92277

Windows 2000 SP4 with Windows Services for UNIX 3.5:
http://www.microsoft.com/downloa ... 6-ba8d-8ac7e4f82663

Windows XP SP2 with Windows Services for UNIX 3.0:
http://www.microsoft.com/downloa ... 5-9007-1654abf92277

Windows XP SP2 with Windows Services for UNIX 3.5:
http://www.microsoft.com/downloa ... 6-ba8d-8ac7e4f82663

Windows Server 2003 SP1/SP2 with Windows Services for UNIX 3.0:
http://www.microsoft.com/downloa ... 5-9007-1654abf92277

Windows Server 2003 SP1/SP2 with Windows Services for UNIX 3.5:
http://www.microsoft.com/downloa ... 6-ba8d-8ac7e4f82663

Windows Server 2003 SP1/SP2 with Subsystem for UNIX-based
Applications:
http://www.microsoft.com/downloa ... b-aa51-47568ab6ce3f

Windows Server 2003 x64 Edition (optionally with SP2) with Subsystem
for UNIX-based Applications:
http://www.microsoft.com/downloa ... 4-9db6-054af836492b

Window Vista with Subsystem for UNIX-based Applications:
http://www.microsoft.com/downloa ... f-8163-85c648e65b29

Windows Vista x64 Edition with Subsystem for UNIX-based
Applications:
http://www.microsoft.com/downloa ... b-a9a0-939bcd27f0de

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn