漏洞信息详情
Microsoft Windows 2000 LDAP SSL密码修改漏洞
- CNNVD编号:CNNVD-200107-145
- 危害等级: 中危
- CVE编号: CVE-2001-0502
- 漏洞类型: 其他
- 发布时间: 2001-07-21
- 威胁类型: 本地
- 更新时间: 2005-05-02
- 厂 商: microsoft
- 漏洞来源: Discovered by Jon ...
漏洞简介
SSL上运行Windows 2000 LDAP Server的一个参数没有在目录原则为域用户并且域数据属性为域密码时正确检查用户权限,本地用户可以利用该漏洞修改其他用户的登录密码。
漏洞公告
The Microsoft patch Q299687, as described in Microsoft Security Bulletin MS01-036, has been superseded. The new patch is Q318593, as described in Microsoft Security Bulletin MS02-016. Fixes for Microsoft Windows 2000 Datacenter Server are hardware specific. Those affected should contact the original manufacturer of their hardware about the availability of Datacenter Server fixes. Microsoft Windows 2000 Server SP2
- Microsoft Q318593This fix applies to Windows 2000 Domain Controller. http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844
- Microsoft Q318593This fix applies to Windows 2000 Domain Controller. http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844
- Microsoft Q318593This fix applies to Windows 2000 Domain Controller. http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844
- Microsoft Q318593This fix applies to Windows 2000 Domain Controller. http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844
- Microsoft Q318593This fix applies to Windows 2000 Domain Controller. http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844
- Microsoft Q318593This fix applies to Windows 2000 Domain Controller. http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844
参考网址
来源: MS 名称: MS01-036 链接:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp 来源: XF 名称: win2k-ldap-change-passwords(6745) 链接:http://xforce.iss.net/static/6745.php 来源: BID 名称: 2929 链接:http://www.securityfocus.com/bid/2929 来源: CIAC 名称: L-101 链接:http://www.ciac.org/ciac/bulletins/l-101.sHTML
受影响实体
- Microsoft Windows_2000
补丁
暂无
评论