CVE - CVE-2001-1122

CVE-ID
CVE-2001-1122	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:3144 URL:http://www.securityfocus.com/bid/3144 BUGTRAQ:20010803 REPOST: A damaging local DoS in WinNT SP6a URL:http://www.securityfocus.com/archive/1/201722 XF:winnt-nt4all-dos(6943) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6943
Assigning CNA
MITRE Corporation
Date Record Created
20020315	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20020315)
Votes (Legacy)
ACCEPT(3) Foat, Frech, Green NOOP(2) Baker, Cole REJECT(2) Armstrong, Ziese REVIEWING(1) Wall
Comments (Legacy)
Ziese> fact that important system files are not appropriately secured from user, a/o admin, level access. Green> ACCESS TO THE WINNT/SYSTEM32 DIRECTORY, ALLOWING FOR A DoS TO BE PERFORMED. Foat> Our attempts to repair the computer with the Windows NT cd-rom failed. The machine still would not allow logins. Tried two different NT 4.0 CD's. Both CD's gave the error message that the file MSV1_0.dll read okay but is invalid on the hard drive. It says the CD is probably defective. Armstrong> I don't believe that a privileged user being able to run code on a system is a vulnerability. Baker> I generally agree that unless you are elevating your priveleges, this should not be listed as a vulnerability. CHANGE> [Baker changed vote from REVIEWING to NOOP]
Proposed (Legacy)
20020315
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)