Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1436

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-1436
Last Modified 07 Mar 2011 12:00:00
Published 21 Apr 2008 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-1436

Summary

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

Vulnerable Systems

Operating System

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows Xp

  • Microsoft Windows-nt Vista


References

CERT - TA09-104A

XF - ms-windows-localsystem-privilege-escalation(41880)

VUPEN - ADV-2009-1026

VUPEN - ADV-2008-1264

SECTRACK - 1019904

BID - 28833

BUGTRAQ - 20081008 Token Kidnapping Windows 2003 PoC exploit

BUGTRAQ - 20080419 Token Kidnapping (Microsoft Security Advisory 951306) presentation available

MILW0RM - 6705

MS - MS09-012

CONFIRM - http://www.microsoft.com/technet/security/advisory/951306.mspx

MISC - http://www.argeniss.com/research/TokenKidnapping.pdf

MISC - http://www.argeniss.com/research/Churrasco.zip

MISC - http://securitywatch.eweek.com/flaws/microsoft_belatedly_admits_to_windows_server_2008_token_kidnapping.html

SECUNIA - 29867

MISC - http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html

MISC - http://milw0rm.com/sploits/2008-Churrasco.zip

MISC - http://isc.sans.org/diary.html?storyid=4306

CONFIRM - http://blogs.technet.com/msrc/archive/2008/04/17/msrc-blog-microsoft-security-advisory-951306.aspx


Last Updated: 27 May 2016 10:47:08