漏洞信息详情
Microsoft Windows 2000 Telnet权限提升漏洞
漏洞简介
Microsoft Windows 2000 telnet service会创建可预测pipes名称,并且不对其进行验证,本地用户可以利用该漏洞通过创建名称可预测的命名pipe,并结合恶意程序执行任意命令,其中第一个是该漏洞的两个变种。
漏洞公告
Microsoft has released a patch for Windows 2000 Advanced Server, Professional and Server which rectifies this issue. Microsoft has advised that Windows 2000 Datacenter Server patches are hardware specifice and should be obtained by the original equipment manufacturer. Microsoft Windows 2000 Professional
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
- Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
参考网址
来源:US-CERT Vulnerability Note: VU#587587 名称: VU#587587 链接:http://www.kb.cert.org/vuls/id/587587 来源: MS 名称: MS01-031 链接:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp 来源: XF 名称: win2k-telnet-pipe-privileges(6664) 链接:http://xforce.iss.net/xforce/xfdb/6664 来源: BID 名称: 2849 链接:http://www.securityfocus.com/bid/2849
受影响实体
- Microsoft Windows_2000<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...