• info
• discussion
• exploit
• solution
• references

Microsoft Windows POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability

Solution:
Microsoft has released an updated security bulletin (MS04-020) and fixes to address this issue for supported operating systems.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Avaya advise that customers follow the Microsoft recommendations to address this issue. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=197331&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()


Microsoft Windows 2000 Server SP2

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows 2000 Advanced Server SP3

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows 2000 Advanced Server SP2

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows NT Workstation 4.0 SP6a

• Microsoft Security Update for Windows NT Workstation 4.0 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=25993F70-191B -4E35-AA1B-0AA1A7027880&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows NT Terminal Server 4.0 SP6

• Microsoft Security Update for Windows NT 4.0, Terminal Server Edition (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=9CFC4AF3-B0BC -4798-BC23-F45739E3B802&displaylang=en

Microsoft Windows 2000 Server SP3

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Interix 2.2

• Microsoft Microsoft Security Bulletin MS04-020: Vulnerability in POSIX Could Allow Code Execution
  http://www.microsoft.com/downloads/details.aspx?FamilyId=0A480FEB-209E -4AD9-BA9A-D00A30CF5331&displaylang=en

Microsoft Windows NT Enterprise Server 4.0 SP6a

• Microsoft Security Update for Windows NT Server 4.0 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C2018A81-446C -4930-A6CC-EA5B5960FF05&displaylang=en

Microsoft Windows 2000 Server SP4

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows 2000 Professional SP3

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows NT Server 4.0 SP6a

• Microsoft Security Update for Windows NT Server 4.0 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=C2018A81-446C -4930-A6CC-EA5B5960FF05&displaylang=en

Microsoft Windows 2000 Professional SP4

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en

Microsoft Windows 2000 Professional SP2

• Microsoft Security Update for Windows 2000 (KB841872)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=05203A7E-4A11 -4F88-AA73-75A6C81466B8&displaylang=en