int(923)

Vulnerability Bulletins

Desbordamiento de búfer en el subsistema POSIX de Windows NT y Windows 2000

Vulnerability classification
Property Value
Confidence level Oficial
Impact Compromiso Root
Dificulty Principiante
Required attacker level Acceso remoto con cuenta

System information
Property Value
Affected manufacturer Microsoft
Affected software Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4

Description
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en Microsoft Windows NT y Windows 2000. La vulnerabilidad reside en el subsistema POSIX.

La explotación de esta vulnerabilidad podría permitir a un atacante local obtener privilegios administrativos en un sistema afectado.

Solution


Actualización de software

Microsoft
Microsoft Windows NT Workstation 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=25993F70-191B-4E35-AA1B-0AA1A7027880
Microsoft Windows NT Server 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=C2018A81-446C-4930-A6CC-EA5B5960FF05
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=9CFC4AF3-B0BC-4798-BC23-F45739E3B802
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11-4F88-AA73-75A6C81466B8

Standar resources
Property Value
CVE CAN-2004-0210
BID

Other resources
Microsoft Security Bulletin MS04-020
http://www.microsoft.com/technet/security/Bulletin/MS04-020.mspx

Version history
Version Comments Date
1.0 Aviso emitido 2004-07-14
2.0 Exploit público disponible 2004-07-20
Ministerio de Defensa
CNI
CCN
CCN-CERT