Microsoft Windows 2000不安全随机号码生成器信息泄露漏洞

2007-11-20T00:00:00
ID SSV:2475
Type seebug
Reporter Root
Modified 2007-11-20T00:00:00

Description

Security loophole in Windows 2000 exposes users' private info Cryptanalysis of the Random Number Generator of the Windows Operating System

Microsoft Windows 2000是一款流行的操作系统。 Microsoft Windows 2000包含的随机号码生成器存在漏洞,本地攻击者可以利用漏洞获得用户Email,密码和信用卡等敏感信息。 问题存在于CryptGenRandom()函数中,此漏洞可导致本地信息泄露而不能进行代码执行攻击,也不能远程访问。

Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server + Avaya DefinityOne Media Servers + Avaya IP600 Media Servers + Avaya S3400 Message Application Server + Avaya S8100 Media Servers Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server

目前没有解决方案提供: <a href="http://www.microsoft.com/windows/default.mspx" target="_blank">http://www.microsoft.com/windows/default.mspx</a>