Vulnerability Name:

CVE-2011-0039 (CCN-64972)

Assigned:2010-12-10
Published:2011-02-08
Updated:2018-10-12
Summary:The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-287
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2011-0039

Source: CCN
Type: SA43253
Microsoft Windows LSASS Authentication Request Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
43253

Source: CCN
Type: Microsoft Security Bulletin MS11-014
Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

Source: BID
Type: UNKNOWN
46152

Source: CCN
Type: BID-46152
Microsoft Windows LSASS Length Validation Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1025049

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0327

Source: MS
Type: UNKNOWN
MS11-014

Source: XF
Type: UNKNOWN
ms-win-lsass-priv-esc(64972)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12537

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:12537
    V
    		LSASS Length Validation Vulnerability
    2011-08-15
    BACK
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows xp * sp3
    microsoft windows xp - sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows xp sp3