Brian Stempin on 26 Sep 2007 13:47:20 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Unix-like tools for Windows

  • From: "Brian Stempin" <brian.stempin@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Unix-like tools for Windows
  • Date: Wed, 26 Sep 2007 09:47:09 -0400
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=KRtgz0PihQ+DyMcqttqCNzwoXZLiCsg+V74PmpsBypw=; b=RcG3rp94bdviwGXtEGxAQ2Dz4rttUbhGX+28pDJXNRktO2yzA6/p5pRDh3mFQ0Hg6FBIj9mohCs1SgunGPZFe5b5Va5ZHh1rlUNKzTN1kT9oFVClvc2qD9RRmO7IZqObupNYRrTPK51WGaSigeg+85g0i8t9cSUXvLgcGNGa704=
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org
Microsoft:  The OS where even UNIX tools are FUBAR

On 9/25/07, Brian Vagnoni <bvagnoni@v-system.net> wrote:
Just FYI

From: JP Vossen [mailto:jp@jpsdomain.org]
To: plug@lists.phillylinux.org
Sent: Mon, 24 Sep 2007 12:22:18 -0400
Subject: [PLUG] Unix-like tools for Windows

5) M$ Windows Services for UNIX Version 3.5
"Windows Services for UNIX version provides a full range of
cross-platform services for integrating Windows into existing UNIX-based
environments."
http://www.microsoft.com/windowsserver2003/r2/unixinterop/default.mspx
http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx
http://www.microsoft.com/windowsserversystem/sfu/downloads/default.mspx
http://www.securiteam.com/windowsntfocus/5KP0D1PMKC.html
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx


 Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

MS07-053
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
http://www.microsoft.com/technet/security/bulletin/MS07-053.mspx

Microsoft Severity Rating: Important
eEye Severity Rating: Medium

Description
This patch fixes one vulnerability within Microsoft Windows Services for UNIX. This vulnerability allows for remote the elevation of privileges to Administrator.
  • CVE-2007-3036 - Windows Services for UNIX Could Allow Elevation of Privilege
    A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could gain elevation of privilege.

The exploitation of this vulnerability requires heavy user interaction by logging in locally to execute certain programs. However, by coupling an exploit of this vulnerability with a client-side vulnerability, there is the possibility that this exploit could be delivered remotely by piggy-backing off of a client-side vulnerability to gain local access to the target host.

Recommendations
Although exploit code for this vulnerability has not been released, eEye Research suggests that vulnerable hosts be patched for this vulnerability as soon as possible. If Windows Services for UNIX is not necessary on a host, it should be uninstalled.


___________________________________________________________________________
Philadelphia Linux Users Group         --         http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug