Alert GCSA-07092 - Vulnerability in Windows Services for UNIX
*****************************************************************************
Alert ID : GCSA-07092
Date : 12 September 2007
Title : Vulnerability in Windows Services for UNIX (MS07-053)
*****************************************************************************
:: Problem description:
Security bulletin MS07-053 has been released to fix a
vulnerability in Windows Services for UNIX 3.0,
Windows Services for UNIX 3.5 and Subsystem for UNIX-based
Applications, caused by an error in credential handling
when certain setuid binaries are run. The
vulnerability can allow a malicious local user to
gain elevated privileges.
Exploiting the vulnerability requires that Windows Services
for UNIX be installed or that the component be enabled
(it is disabled by default).
:: Affected systems and components:
* Windows 2000 Service Pack 4
- Windows Services for UNIX 3.0
- Windows Services for UNIX 3.5
* Windows XP Service Pack 2
- Windows Services for UNIX 3.0
- Windows Services for UNIX 3.5
* Windows Server 2003 Service Pack 1 and Service Pack 2
- Windows Services for UNIX 3.0
- Windows Services for UNIX 3.5
* Windows Server 2003 x64 Edition and Service Pack 2
* Windows Vista
* Windows Vista x64 Edition
- Subsystem for UNIX-based Applications
:: Impact:
Privilege escalation
:: Solution:
Apply the security update associated with bulletin
MS07-053, available from the Microsoft site
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
:: References:
Microsoft:
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
US-CERT - Technical Cyber Security Alert TA07-254A
http://www.us-cert.gov/cas/techalerts/TA07-254A.html
Secunia:
http://secunia.com/advisories/26757/
FrSirt:
http://www.frsirt.com/english/advisories/2007/3115
Security Focus:
http://www.securityfocus.com/bid/25620
Mitre's CVE ID:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3036