Lucene search
RootSSV:2475HistoryNov 20, 2007 - 12:00 a.m.
Microsoft Windows 2000不安全随机号码生成器信息泄露漏洞
2007-11-2000:00:00
Root
www.seebug.org
11
Security loophole in Windows 2000 exposes users’ private info
Cryptanalysis of the Random Number Generator of the Windows Operating System
Microsoft Windows 2000是一款流行的操作系统。
Microsoft Windows 2000包含的随机号码生成器存在漏洞,本地攻击者可以利用漏洞获得用户Email,密码和信用卡等敏感信息。
问题存在于CryptGenRandom()函数中,此漏洞可导致本地信息泄露而不能进行代码执行攻击,也不能远程访问。
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
目前没有解决方案提供:
<a href=“http://www.microsoft.com/windows/default.mspx” target=“_blank”>http://www.microsoft.com/windows/default.mspx</a>