Microsoft Security Bulletin MS02-036

Naviga SWZ: Home Page » News
News del 25 Luglio 02 Autore: Steve3000
Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)Titolo: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138) Data: 24 July 2002 Software: Microsoft Metadirectory Services 2.2 Impatto: Elevation of privilege Rischio: MediumIssue: ====== Microsoft Metadirectory Services (MMS) is a centralized metadirectory service that provides connectivity, management, and interoperability functions to help unify fragmented directory and database environments. It enables enterprises to link together disparate data repositories such as Exchange directory, Active Directory, third-party directory services, and proprietary databases, for the purpose of ensuring that the data in each is consistent, accurate, and can be centrally managed. A flaw exists that could enable an unprivileged user to access and manipulate data within MMS that should, by design, only be accessible to MMS administrators. Specifically, it is possible for an unprivileged user to connect to the MMS data repository via an LDAP client in such a way as to bypass certain security checks. This could enable an attacker to modify data within the MMS data repository, either for the purpose of changing the MMS configuration or replicating bogus data to the other data repositories. Patch di minore importanza per l'utente Home, ma specifica per gli addetti ai lavori. Click su INFO per il Bulettin, su Download per scaricare. NB: Patch localizzata solo in inglese.
Inserisci un commento sul forum Commenta la News sul Forum


Categoria: Sicurezza

La Community di

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum


Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter