J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability

Severity: CRITICAL

Description:

A vulnerability exists in the way Windows 2000 telnet service handles server-side named pipes.

A server-side named pipe is created each time telnet starts a new session, the pipes and are named in a predictable sequence.

Due to the predictability of server-side named pipes, any local user with privileges to execute a program is able create a server-side named pipe and assume the security context of the system service the next time a session is started. By running the telnet service after arbitrary code has been attached to the named pipe, the code will be run in the Local System context as part of the initialization process.

It has been reported that this vulnerability can be exploited via two methods. Unfortunately no further technical details have been provided.

Successful exploitation of this vulnerability could lead to the complete compromise of the host.

Affected Products:

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Datacenter Server SP1
  • Microsoft Windows 2000 Datacenter Server SP2
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Terminal Services
  • Microsoft Windows 2000 Terminal Services SP1
  • Microsoft Windows 2000 Terminal Services SP2

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.