Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability

Bugtraq ID:	25620
Class:	Design Error
CVE:	CVE-2007-3036
Remote:	No
Local:	Yes
Published:	Sep 11 2007 12:00AM
Updated:	Sep 12 2007 06:01PM
Credit:	Brian A. Reiter of WolfeReiter is credited with assisting the vendor with resolving this issue. The initial discoverer of this issue is currently unknown.
Vulnerable:	Microsoft Subsystem for UNIX-based Applications 0 Microsoft Services for Unix 3.5 Microsoft Services for Unix 3.0
Not Vulnerable:

Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability

Microsoft Windows Services for UNIX is prone to a local privilege-escalation vulnerability.

Attackers may exploit this issue to gain elevated privileges on affected computers. This facilitates the complete compromise of vulnerable computers.

Microsoft Windows Services for UNIX 3.0 and 3.5 and Microsoft Subsystem for UNIX-based Applications are vulnerable to this issue.

Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Information on exploiting this issue is reportedly available to the public with limited distribution.

Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability

Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.


Microsoft Services for Unix 3.0

• Microsoft Security Update for Microsoft Windows Services for UNIX Version 3.0 (KB939778)
  Windows 2000 Service Pack 4; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=557f89fc-c5d9 -4405-9007-1654abf92277

Microsoft Services for Unix 3.5

• Microsoft Security Update for Microsoft Windows Services for UNIX Version 3.5 (KB939778)
  Windows 2000 Service Pack 4; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2; Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=70ae23c2-3ae8 -4ea6-ba8d-8ac7e4f82663

Microsoft Subsystem for UNIX-based Applications 0

• Microsoft Security Update for Windows Server 2003 (KB939778)
  Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=8ab5cc43-0b9c -45eb-aa51-47568ab6ce3f


• Microsoft Security Update for Windows Server 2003 x64 Edition (KB939778)
  Windows Server 2003 Service Pack 2 x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=1d21e3e8-b5f6 -4044-9db6-054af836492b


• Microsoft Security Update for Windows Vista (KB939778)
  Windows Vista Enterprise; Windows Vista Ultimate
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4d52e4f4-2888 -42df-8163-85c648e65b29


• Microsoft Security Update for Windows Vista for x64-based Systems (KB939778)
  Windows Vista Enterprise 64-bit edition; Windows Vista Ultimate 64-bit edition
  http://www.microsoft.com/downloads/details.aspx?FamilyId=4be667cc-c239 -480b-a9a0-939bcd27f0de

Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability

References:

• Services For Unix Product Page (Microsoft)
  
• Microsoft Security Bulletin MS07-053 (Microsoft)
  
• Vulnerability Note VU#768440 (US-CERT)