Vulnerability Name:

CVE-2004-0894 (CCN-18340)

Assigned:2004-12-14
Published:2004-12-14
Updated:2019-04-30
Summary:LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2004-0894

Source: CCN
Type: SHATTER Team Security Alert 06-0001
Microsoft Windows Improper Token Validation

Source: CCN
Type: CIAC Information Bulletin P-057
Microsoft Windows Kernel and LSASS Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Source: CCN
Type: BID-11914
Microsoft Windows LSASS Connection Validation Privilege Escalation Vulnerability

Source: MS
Type: UNKNOWN
MS04-044

Source: XF
Type: UNKNOWN
win-lsass-gain-privileges(18340)

Source: XF
Type: UNKNOWN
win-lsass-gain-privileges(18340)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1888

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2062

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3312

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3325

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4368

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:778

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:778
    V
    LSASS Privilege Escalation Vulnerability (Windows 2000)
    2011-05-16
    oval:org.mitre.oval:def:3325
    V
    LSASS Privilege Escalation Vulnerability (32-bit XP, SP1)
    2011-05-16
    oval:org.mitre.oval:def:4368
    V
    LSASS Privilege Escalation Vulnerability (32-bit XP, SP2)
    2011-05-16
    oval:org.mitre.oval:def:2062
    V
    LSASS Privilege Escalation Vulnerability (64-bit XP, SP1)
    2011-05-16
    oval:org.mitre.oval:def:1888
    V
    LSASS Privilege Escalation Vulnerability (64-bit Server 2003)
    2005-02-23
    oval:org.mitre.oval:def:3312
    V
    LSASS Privilege Escalation Vulnerability (Server 2003/64-bit XP)
    2005-02-23
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2003 server datacenter_64-bit sp1_beta_1
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise sp1_beta_1
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server enterprise_64-bit sp1_beta_1
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2 sp1_beta_1
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard sp1_beta_1
    microsoft windows 2003 server web
    microsoft windows 2003 server web sp1_beta_1
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows 2000 - sp3
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows 2003 server *
    microsoft windows xp sp2
    microsoft windows xp - sp1