Overview
Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges.
Description
Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a specially crafted setuid binary file. For more information, please see Microsoft Security Bulletin MS07-053. |
Impact
A local, authenticated attacker may be able to gain elevated privileges on a vulnerable system. |
Solution
Microsoft has released updates in Microsoft Security Bulletin MS07-053 to address this issue. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin MS07-053. Microsoft thanks Brian Reiter of WolfeReiter for reporting the vulnerability to them.
This document was written by Katie Steiner.
Other Information
| CVE IDs: | CVE-2007-3036 |
| Severity Metric: | 0.37 |
| Date Public: | 2007-09-11 |
| Date First Published: | 2007-09-12 |
| Date Last Updated: | 2007-09-12 13:05 UTC |
| Document Revision: | 10 |