ID CVE-2004-0894
Summary LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
CVSS
Base: 7.2 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2005-02-23T09:25:00.000-04:00
    class vulnerability
    contributors
    name Christine Walzer
    organization The MITRE Corporation
    description LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
    family windows
    id oval:org.mitre.oval:def:1888
    status accepted
    submitted 2005-01-04T12:00:00.000-04:00
    title LSASS Privilege Escalation Vulnerability (64-bit Server 2003)
    version 65
  • accepted 2011-05-16T04:02:22.067-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
    family windows
    id oval:org.mitre.oval:def:2062
    status accepted
    submitted 2005-01-04T12:00:00.000-04:00
    title LSASS Privilege Escalation Vulnerability (64-bit XP, SP1)
    version 68
  • accepted 2005-02-23T09:25:00.000-04:00
    class vulnerability
    contributors
    name Ingrid Skoog
    organization The MITRE Corporation
    description LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
    family windows
    id oval:org.mitre.oval:def:3312
    status accepted
    submitted 2005-01-05T12:00:00.000-04:00
    title LSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP)
    version 65
  • accepted 2011-05-16T04:02:44.893-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
    family windows
    id oval:org.mitre.oval:def:3325
    status accepted
    submitted 2004-12-28T12:00:00.000-04:00
    title LSASS Privilege Escalation Vulnerability (32-bit XP, SP1)
    version 68
  • accepted 2011-05-16T04:02:57.789-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
    family windows
    id oval:org.mitre.oval:def:4368
    status accepted
    submitted 2004-12-28T12:00:00.000-04:00
    title LSASS Privilege Escalation Vulnerability (32-bit XP, SP2)
    version 69
  • accepted 2011-05-16T04:03:27.063-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Andrew Buttner
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
    family windows
    id oval:org.mitre.oval:def:778
    status accepted
    submitted 2004-12-28T12:00:00.000-04:00
    title LSASS Privilege Escalation Vulnerability (Windows 2000)
    version 70
refmap via4
xf win-lsass-gain-privileges(18340)
Last major update 30-04-2019 - 14:27
Published 10-01-2005 - 05:00
Last modified 30-04-2019 - 14:27
Back to Top