Vulnerability In Windows Services For UNIX Could Allow Elevation Of Privilege (939778) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-053.

Impact

Successful exploitation allows remote attackers to execute arbitrary code with escalated privileges by running a specially crafted setuid binary. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Insight

The flaw is due to an unspecified error in Windows Services for UNIX and the Subsystem for UNIX-based Applications component when handling connection credentials for setuid binaries.

Affected

Microsoft Windows XP Service Pack 2 and prior. Microsoft Windows 2000 ervice Pack 4 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Microsoft Windows Vista

References

http://osvdb.org/36935
http://secunia.com/advisories/26757
http://securitytracker.com/alerts/2007/Sep/1018678.html
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3036

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502)
Microsoft 'ISATAP' Component Spoofing Vulnerability (978338)
Microsoft SharePoint Foundation HTML Sanitisation Component XSS Vulnerability (2821818)
ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
Microsoft SQL Server Elevation of Privilege Vulnerability (2984340) - Remote

Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Take action and discover your vulnerabilities