正文

Microsoft Windows 2000 Telnet权限提升漏洞

admin
admin V管理员 /0 评论 /5 阅读
1231
此篇文章发布距今已超过1288天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Microsoft Windows 2000 Telnet权限提升漏洞

  • CNNVD编号:CNNVD-200107-144
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2001-0349
  • 漏洞类型: 访问验证错误
  • 发布时间: 2001-07-21
  • 威胁类型: 本地
  • 更新时间: 2005-10-20
  • 厂        商: microsoft
  • 漏洞来源: Posted in a Micros...

漏洞简介

Microsoft Windows 2000 telnet service会创建可预测pipes名称,并且不对其进行验证,本地用户可以利用该漏洞通过创建名称可预测的命名pipe,并结合恶意程序执行任意命令,其中第一个是该漏洞的两个变种。

漏洞公告

Microsoft has released a patch for Windows 2000 Advanced Server, Professional and Server which rectifies this issue. Microsoft has advised that Windows 2000 Datacenter Server patches are hardware specifice and should be obtained by the original equipment manufacturer. Microsoft Windows 2000 Professional

  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Server SP2
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Server SP1
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Professional SP2
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Advanced Server
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Professional SP1
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE
Microsoft Windows 2000 Server
  • Microsoft Q299553 http://download.microsoft.com/download/win2000platform/Patch/Q299553/N T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

参考网址

来源:US-CERT Vulnerability Note: VU#587587 名称: VU#587587 链接:http://www.kb.cert.org/vuls/id/587587 来源: MS 名称: MS01-031 链接:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp 来源: XF 名称: win2k-telnet-pipe-privileges(6664) 链接:http://xforce.iss.net/xforce/xfdb/6664 来源: BID 名称: 2849 链接:http://www.securityfocus.com/bid/2849

受影响实体

  • Microsoft Windows_2000  
    <!--
    2000-1-1
    -->

补丁

    暂无