Vulnerabilities > CVE-2002-0018 - Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS02-001.NASL |
| description | Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the trusted domain supplies authorization data in the form of a list of Security Identifiers (SIDs) that indicate the user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11366 |
| published | 2003-03-12 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11366 |
| title | MS02-001: Trusted Domain SID Remote Privilege Escalation (311401) |
Oval
accepted 2016-02-08T10:00:00.000-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. family windows id oval:org.mitre.oval:def:159 status accepted submitted 2003-05-13T12:00:00.000-04:00 title Windows NT Trusted Domain Loophole version 70 accepted 2005-10-19T05:47:00.000-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Tiffany Bergeron organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. family windows id oval:org.mitre.oval:def:64 status accepted submitted 2003-05-13T12:00:00.000-04:00 title Windows 2000 Trusted Domain Loophole version 66
References
- http://www.securityfocus.com/bid/3997
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8023
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64