CVE
- Id
- 3926
- CVE No.
- CVE-2001-1122
- Status
- Candidate
- Description
- Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in "SPECIAL" mode.
- Phase
- Proposed (20020315)
- Votes
- ACCEPT(3) Foat, Frech, Green | NOOP(2) Baker, Cole | REJECT(2) Armstrong, Ziese | REVIEWING(1) Wall
- Comments
- Ziese> fact that important system | files are not appropriately secured from user, a/o admin, level access. | Green> ACCESS TO THE WINNT/SYSTEM32 DIRECTORY, ALLOWING FOR A DoS TO BE PERFORMED. | Foat> Our attempts to repair the computer with the Windows NT cd-rom failed. | The machine still would not allow logins. Tried two different NT 4.0 CD"s. Both | CD"s gave the error message that the file MSV1_0.dll read okay but is invalid on | the hard drive. It says the CD is probably defective. | Armstrong> I don"t believe that a privileged user being able to run code | on a system is a vulnerability. | Baker> I generally agree that unless you are elevating your priveleges, this should not be listed as a vulnerability. | CHANGE> [Baker changed vote from REVIEWING to NOOP]
