Microsoft Windows 2000 LDAP SSL密码修改漏洞

漏洞信息详情

Microsoft Windows 2000 LDAP SSL密码修改漏洞

• CNNVD编号：CNNVD-200107-145
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0502
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2001-07-21
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by Jon …

SSL上运行Windows 2000 LDAP Server的一个参数没有在目录原则为域用户并且域数据属性为域密码时正确检查用户权限，本地用户可以利用该漏洞修改其他用户的登录密码。

The Microsoft patch Q299687, as described in Microsoft Security Bulletin MS01-036, has been superseded. The new patch is Q318593, as described in Microsoft Security Bulletin MS02-016.
Fixes for Microsoft Windows 2000 Datacenter Server are hardware specific. Those affected should contact the original manufacturer of their hardware about the availability of Datacenter Server fixes.
Microsoft Windows 2000 Server SP2

• Microsoft Q318593This fix applies to Windows 2000 Domain Controller.
  
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

Microsoft Windows 2000 Advanced Server SP1

• Microsoft Q318593This fix applies to Windows 2000 Domain Controller.
  
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

Microsoft Windows 2000 Server SP1

• Microsoft Q318593This fix applies to Windows 2000 Domain Controller.
  
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

Microsoft Windows 2000 Advanced Server SP2

• Microsoft Q318593This fix applies to Windows 2000 Domain Controller.
  
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

Microsoft Windows 2000 Advanced Server

• Microsoft Q318593This fix applies to Windows 2000 Domain Controller.
  
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

Microsoft Windows 2000 Server

• Microsoft Q318593This fix applies to Windows 2000 Domain Controller.
  
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

来源: MS
名称: MS01-036
链接:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp

来源: XF
名称: win2k-ldap-change-passwords(6745)
链接:http://xforce.iss.net/static/6745.php

来源: BID
名称: 2929
链接:http://www.securityfocus.com/bid/2929

来源: CIAC
名称: L-101
链接:http://www.ciac.org/ciac/bulletins/l-101.shtml