certfr_avis - certa-2002-avi-072

CERTA-2002-AVI-072

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité du service MUP (Multiple UNC Provider) peut permettre à un utilisateur local mal intentionné de bloquer le système ou d'exécuter du code arbitraire avec les privilèges du compte SYSTEM.

Description

MUP (Multiple UNC Provider) est un service Windows qui permet de localiser des ressources réseau qui sont identifiées par UNC (Uniform Naming Convention), c'est-à-dire de la forme \\serveur\om-de-partage.

Une vulnérabilité du service MUP permet à un utilisateur local mal intentionné d'exécuter du code arbitraire avec les privilèges du compte SYSTEM.

Dans certains cas, l'exploitation de cette vulnérabilité provoquera un bloquage ou un redémarrage du serveur.

Solution

Appliquer le correctif en fonction de votre système :

Pour Windows NT 4.0 :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37630

Pour Windows NT 4.0 Terminal Server Edition :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37652

Pour Windows 2000 :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37555

Pour Windows XP :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37583

Pour Windows XP 64-bit Edition :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37672

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows NT 4.0 ;
Microsoft	Windows	Microsoft Windows 2000 ;
Microsoft	Windows	Microsoft Windows XP Professional.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS02-017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows NT 4.0 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Professional.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMUP (Multiple UNC Provider) est un service Windows qui permet de\nlocaliser des ressources r\u00e9seau qui sont identifi\u00e9es par UNC (Uniform\nNaming Convention), c\u0027est-\u00e0-dire de la forme `\\\\serveur\\om-de-partage`.\n\nUne vuln\u00e9rabilit\u00e9 du service MUP permet \u00e0 un utilisateur local mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges du compte\nSYSTEM.\n\nDans certains cas, l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 provoquera un\nbloquage ou un red\u00e9marrage du serveur.\n\n## Solution\n\nAppliquer le correctif en fonction de votre syst\u00e8me :\n\n-   Pour Windows NT 4.0 :\n\n        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37630\n\n-   Pour Windows NT 4.0 Terminal Server Edition :\n\n        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37652\n\n-   Pour Windows 2000 :\n\n        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37555\n\n-   Pour Windows XP :\n\n        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37583\n\n-   Pour Windows XP 64-bit Edition :\n\n        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37672\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2002-AVI-072",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-04-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 du service MUP (Multiple UNC Provider) peut permettre\n\u00e0 un utilisateur local mal intentionn\u00e9 de bloquer le syst\u00e8me ou\nd\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges du compte SYSTEM.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du service MUP sous Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS02-017",
      "url": "http://www.microsoft.com/technet/security/bulletin/MS02-017.asp"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted