Vulnerability CVE-2009-1922 - CERT Civis.Net

Vulnerability Name:

CVE-2009-1922 (CCN-52106)

Assigned:

2009-08-11

Published:

2009-08-11

Updated:

2019-02-26

Summary:

The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2009-1922

Source: MISC
Type: UNKNOWN
http://en.securitylab.ru/lab/PT-2008-09

Source: OSVDB
Type: UNKNOWN
56901

Source: CCN
Type: SA36214
Microsoft Windows Message Queuing Service Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
36214

Source: CCN
Type: SECTRACK ID: 1022714
Windows Message Queuing Service (MSMQ) NULL Pointer Flaw Lets Local Users Gain Elevated Privileges

Source: CCN
Type: Microsoft Security Bulletin MS14-062
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)

Source: CCN
Type: Microsoft Security Bulletin MS09-040
Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

Source: CCN
Type: OSVDB ID: 56901
Microsoft Windows Message Queuing Service (MSMQ) mqac.sys IOCTL Request Parsing Local Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20090812 [PT-2008-09] Microsoft Windows MSMQ Privilege Escalation Vulnerability

Source: CCN
Type: BID-35969
Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1022714

Source: CERT
Type: US Government Resource
TA09-223A

Source: MS
Type: UNKNOWN
MS09-040

Source: XF
Type: UNKNOWN
win-msmq-ioctl-privilege-escalation(52106)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6109

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:-:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:6109	V	MSMQ Null Pointer Vulnerability	2014-03-03