Microsoft Windows 2000目录服务储存模式空白密码漏洞

漏洞信息详情

Microsoft Windows 2000目录服务储存模式空白密码漏洞

• CNNVD编号：CNNVD-200102-012
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0048
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-02-12
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by John…

Microsoft 2000域控制器\”Configure Your Server\”工具安装Directory Service Restore Mode空白密码。物理访问控制器的攻击者可以利用该漏洞安装恶意程序，也称为\”Directory Service Restore Mode Password\”漏洞。

Microsoft has released patches which will eliminate this vulnerability. The patch also includes the SETPWD tool which allows the administrator to modify the value of the Directory Service Restore Mode and Recovery Console password. The command syntax for the tool is:
SETPWD [/s:servername]
Microsoft Windows 2000 Advanced Server

• Microsoft Q271641
  
  http://download.microsoft.com/download/win2000platform/Patch/q271641/N
  T5/EN-US/Q271641_W2K_SP2_x86_en.EXE

Microsoft Windows 2000 Server

• Microsoft Q271641
  
  http://download.microsoft.com/download/win2000platform/Patch/q271641/N
  T5/EN-US/Q271641_W2K_SP2_x86_en.EXE

来源: BID
名称: 2133
链接:http://www.securityfocus.com/bid/2133

来源: MS
名称: MS00-099
链接:http://www.microsoft.com/technet/security/bulletin/MS00-099.asp