CERTA-2001-AVI-009
Vulnerability from certfr_avis

A local user can, by way of a vulnerability related to network resources, block all connections on the machine to which they have access.

Description

Under Windows NT 4, a "mutex" object synchronizes access to system resources to prevent two separate processes from using the same resource simultaneously. A vulnerability in the permissions of the object responsible for network resources allows a local user to saturate this resource in order to isolate the machine from the network.

Solution

Patches (US version) available on the Microsoft website:

Windows NT 4.0:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27272

Windows NT 4 Terminal Server Edition:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27291
Impacted products

Vendor | Product | Description
Microsoft | Windows | Microsoft Windows NT 4.0 Terminal Server.
Microsoft | Windows | Microsoft Windows NT 4.0 Server ;


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows NT 4.0 Terminal Server.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows NT 4.0 Server ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nSous Windows NT 4, un objet \u00abmutex\u00bb permet de synchroniser l\u0027acc\u00e8s aux\nressources syst\u00e8me pour emp\u00eacher deux processus distincts d\u0027utiliser\nsimultan\u00e9ment la m\u00eame ressource. Une vuln\u00e9rabilit\u00e9 dans les permissions\nde l\u0027objet charg\u00e9 des ressources r\u00e9seau permet \u00e0 un utilisateur local de\nsaturer cette ressource afin d\u0027isoler la machine du r\u00e9seau.\n\n## Solution\n\nCorrectifs (version US) disponibles sur le site Microsoft :  \n  \n\nWindows NT 4.0 :\n\n    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27272\n\n  \n  \n\nWindows NT 4 Terminal Server Edition :\n\n    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27291\n",
  "cves": [],
  "initial_release_date": "2001-01-30T00:00:00",
  "last_revision_date": "2001-01-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/ms01-003.asp"
    }
  ],
  "reference": "CERTA-2001-AVI-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2001-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Un utilisateur local peut, par le biais d\u0027une vuln\u00e9rabilit\u00e9 li\u00e9e aux\nressources r\u00e9seau, bloquer toute connexion sur la machine \u00e0 laquelle il\na acc\u00e8s.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les permissions d\u0027acc\u00e8s sous Windows NT 4",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS01-003",
      "url": null
    }
  ]
}

