论坛: 黑客进阶 标题: MicrosoftPOSIX本地权限提升(MS04-020)[转载] 复制本贴地址    
作者: pula [pula]    论坛用户   登录

发布日期:2004-07-13
更新日期:2004-07-15

受影响系统:
Microsoft Windows NT 4.0SP6a
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
Microsoft Windows 2000SP2
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CAN-2004-0210

Microsoft Windows是一款商业视窗操作系统。

Microsoft Windows POSIX子系统存在权限提升问题,本地攻击者可以利用这个漏洞完全控制整个系统。

目前没有详细漏洞细节提供。

<*来源:Rafal Wojtczuk
 
  链接:http://www.microsoft.com/technet/security/bulletin/MS04-020.mspx
*>

建议:
--------------------------------------------------------------------------------
临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

* 可根据如下文章关闭POSIX子系统:
http://support.microsoft.com/default.aspx?scid=kb;en-us;101270

厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS04-020)以及相应补丁:
MS04-020:Vulnerability in POSIX Could Allow Code Execution (841872)
链接:http://www.microsoft.com/technet/security/bulletin/MS04-020.mspx

补丁下载:

Microsoft Windows NT? Workstation 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=25993F70-191B-4E35-AA1B-0AA1A7027880&displaylang=en

Microsoft Windows NT Server 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=C2018A81-446C-4930-A6CC-EA5B5960FF05&displaylang=en

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=9CFC4AF3-B0BC-4798-BC23-F45739E3B802&displaylang=en

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=9CFC4AF3-B0BC-4798-BC23-F45739E3B802&displaylang=en

作者: 不详
转自: 银色巢穴



地主 发表时间: 04-07-25 13:31

回复: hackerjune [hackerjune]   论坛用户   登录
很早就看过了啊!

B1层 发表时间: 04-08-26 08:53

论坛: 黑客进阶

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号