Re: [PLUG] Unix-like tools for Windows

Brian Vagnoni on 26 Sep 2007 03:10:15 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Unix-like tools for Windows

From: "Brian Vagnoni" <bvagnoni@v-system.net>

To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>

Subject: Re: [PLUG] Unix-like tools for Windows

Date: Tue, 25 Sep 2007 23:10:13 -0400

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

Just FYI

From: JP Vossen [mailto:jp@jpsdomain.org]
To: plug@lists.phillylinux.org
Sent: Mon, 24 Sep 2007 12:22:18 -0400
Subject: [PLUG] Unix-like tools for Windows

5) M$ Windows Services for UNIX Version 3.5
"Windows Services for UNIX version provides a full range of
cross-platform services for integrating Windows into existing UNIX-based
environments."
http://www.microsoft.com/windowsserver2003/r2/unixinterop/default.mspx
http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx
http://www.microsoft.com/windowsserversystem/sfu/downloads/default.mspx
http://www.securiteam.com/windowsntfocus/5KP0D1PMKC.html
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx

Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

MS07-053
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
http://www.microsoft.com/technet/security/bulletin/MS07-053.mspx

Microsoft Severity Rating: Important
eEye Severity Rating: Medium

Description
This patch fixes one vulnerability within Microsoft Windows Services for UNIX. This vulnerability allows for remote the elevation of privileges to Administrator.
CVE-2007-3036 - Windows Services for UNIX Could Allow Elevation of Privilege
A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could gain elevation of privilege.

The exploitation of this vulnerability requires heavy user interaction by logging in locally to execute certain programs. However, by coupling an exploit of this vulnerability with a client-side vulnerability, there is the possibility that this exploit could be delivered remotely by piggy-backing off of a client-side vulnerability to gain local access to the target host.

Recommendations
Although exploit code for this vulnerability has not been released, eEye Research suggests that vulnerable hosts be patched for this vulnerability as soon as possible. If Windows Services for UNIX is not necessary on a host, it should be uninstalled.

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Unix-like tools for Windows
From: "Brian Stempin" <brian.stempin@gmail.com>

Prev by Date: Re: [PLUG] [VMware on Ubuntu] Thank you + iron

Next by Date: [PLUG] things taken too far? (was Re: Community standards)

Previous by thread: Re: [PLUG] Unix-like tools for Windows

Next by thread: Re: [PLUG] Unix-like tools for Windows

Index(es):

Date

Thread