Microsoft Windows 2000 Telnet权限提升漏洞

漏洞信息详情

Microsoft Windows 2000 Telnet权限提升漏洞

• CNNVD编号：CNNVD-200107-144
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0349
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2001-07-21
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Posted in a Micros…

Microsoft Windows 2000 telnet service会创建可预测pipes名称，并且不对其进行验证，本地用户可以利用该漏洞通过创建名称可预测的命名pipe，并结合恶意程序执行任意命令，其中第一个是该漏洞的两个变种。

Microsoft has released a patch for Windows 2000 Advanced Server, Professional and Server which rectifies this issue. Microsoft has advised that Windows 2000 Datacenter Server patches are hardware specifice and should be obtained by the original equipment manufacturer.
Microsoft Windows 2000 Professional

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Server SP2

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Advanced Server SP1

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Server SP1

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Advanced Server SP2

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Professional SP2

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Advanced Server

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Professional SP1

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

Microsoft Windows 2000 Server

• Microsoft Q299553
  
  http://download.microsoft.com/download/win2000platform/Patch/Q299553/N
  T5/EN-US/Q299553_W2K_SP3_x86_en.EXE

来源:US-CERT Vulnerability Note: VU#587587
名称: VU#587587
链接:http://www.kb.cert.org/vuls/id/587587

来源: MS
名称: MS01-031
链接:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

来源: XF
名称: win2k-telnet-pipe-privileges(6664)
链接:http://xforce.iss.net/xforce/xfdb/6664

来源: BID
名称: 2849
链接:http://www.securityfocus.com/bid/2849