ID CVE-2004-0900
Summary The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows NT 4.0
    cpe:2.3:o:microsoft:windows_nt:4.0
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:-:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:-:enterprise_server
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:server
    cpe:2.3:o:microsoft:windows_nt:4.0:-:server
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:terminal_server
    cpe:2.3:o:microsoft:windows_nt:4.0:-:terminal_server
  • cpe:2.3:o:microsoft:windows_nt:4.0:-:terminal_server_alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:-:terminal_server_alpha
  • Microsoft Windows 4.0 sp1
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server
  • Microsoft Windows 4.0 sp1 server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server
  • Microsoft Windows NT Terminal Server 4.0 SP1
    cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server
  • Microsoft Windows 4.0 sp2
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server
  • Microsoft Windows 4.0 sp2 server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server
  • Microsoft Windows NT Terminal Server 4.0 SP2
    cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server
  • Microsoft Windows 4.0 sp3
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server
  • Microsoft Windows 4.0 sp3 server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server
  • Microsoft Windows NT Terminal Server 4.0 SP3
    cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server
  • Microsoft Windows 4.0 sp4
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server
  • Microsoft Windows 4.0 sp4 server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server
  • Microsoft Windows NT Terminal Server 4.0 SP4
    cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server
  • Microsoft Windows 4.0 sp5
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server
  • Microsoft Windows 4.0 sp5 server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server
  • Microsoft Windows NT Terminal Server 4.0 SP5
    cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server
  • Microsoft Windows 4.0 sp6
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server
  • Microsoft Windows 4.0 sp6 server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server
  • Microsoft Windows NT Terminal Server 4.0 SP6
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server
  • Microsoft Windows 4.0 sp6a
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha
  • cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server
  • Microsoft Windows 4.0 sp6a server
    cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id SMB_KB885249.NASL
    description The remote host has the Windows DHCP server installed. There is a flaw in the remote version of this server that may allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20368
    published 2006-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20368
    title MS04-042: Windows NT Multiple DHCP Vulnerabilities (885249) (uncredentialed check)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS04-042.NASL
    description The remote host has the Windows DHCP server installed. There is a flaw in the remote version of this server that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15965
    published 2004-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15965
    title MS04-042: Windows NT Multiple DHCP Vulnerabilities (885249)
oval via4
  • accepted 2008-03-24T04:00:29.998-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
    family windows
    id oval:org.mitre.oval:def:3577
    status accepted
    submitted 2005-01-27T12:00:00.000-04:00
    title Windows NT DHCP Request Code Execution Vulnerability
    version 69
  • accepted 2008-03-24T04:00:37.993-04:00
    class vulnerability
    contributors
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    definition_extensions
    comment Microsoft Windows NT is installed
    oval oval:org.mitre.oval:def:36
    description The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
    family windows
    id oval:org.mitre.oval:def:4846
    status accepted
    submitted 2004-12-16T12:00:00.000-04:00
    title Windows NT DHCP Request Code Execution Vulnerability (Terminal Server)
    version 68
refmap via4
ms MS04-042
xf winnt-dhcp-hardwareaddress-code-execution(18342)
Last major update 10-09-2008 - 15:28
Published 10-01-2005 - 00:00
Last modified 12-10-2018 - 17:35
Back to Top