exploits , vulnerabilities , articles , Microsoft Windows POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability

Title	Microsoft Windows POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
Published	2004-07-13-12:00AM
Updated	2004-08-10-05:38PM
Class	Boundary Condition Error
CVE	CAN-2004-0210
Remote	No
Local	Yes
Credit	Discovery of this vulnerability is credited to Rafal Wojtczuk of Network Associates.
Vulnerable	Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP6a Avaya DefinityOne Media Servers Avaya IP600 Media Servers Avaya S8100 Media Servers Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT 4.0 SP6 alpha Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Interix 2.2 Avaya S3400 Message Application Server
Not Vulnerable
Code	CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. An exploit to leverage this vulnerability has been made available by bkbll <bkbll@cnhonker.net>. It is reported that this exploit has been tested on Microsoft Windows 2000 Service Pack 4 platforms. /data/vulnerabilities/exploits/Posixexp.c
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability
2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability
2009-12-15 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
2009-12-15 Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution Vulnerability
2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability