Vulnerability In Windows Services For UNIX Could Allow Elevation Of Privilege (939778) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS07-053.

Impact

Successful exploitation allows remote attackers to execute arbitrary code with escalated privileges by running a specially crafted setuid binary. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Insight

The flaw is due to an unspecified error in Windows Services for UNIX and the Subsystem for UNIX-based Applications component when handling connection credentials for setuid binaries.

Affected

Microsoft Windows XP Service Pack 2 and prior. Microsoft Windows 2000 ervice Pack 4 and prior. Microsoft Windows 2K3 Service Pack 2 and prior. Microsoft Windows Vista

References

http://osvdb.org/36935
http://secunia.com/advisories/26757
http://securitytracker.com/alerts/2007/Sep/1018678.html
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3036

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)
Microsoft OneNote Information Disclosure Vulnerability (2816264)
Microsoft SharePoint Server Remote Code Execution Vulnerability (2904244)
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (2873872)

Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)

Take action and discover your vulnerabilities