ID CVE-2005-2307
Summary netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:-:advanced_server
    cpe:2.3:o:microsoft:windows_2000:-:advanced_server
  • cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
    cpe:2.3:o:microsoft:windows_2000:-:datacenter_server
  • cpe:2.3:o:microsoft:windows_2000:-:professional
    cpe:2.3:o:microsoft:windows_2000:-:professional
  • cpe:2.3:o:microsoft:windows_2000:-:server
    cpe:2.3:o:microsoft:windows_2000:-:server
  • Microsoft Windows 2000 Advanced Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_server
  • Microsoft Windows 2000 Professional SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:professional
  • Microsoft Windows 2000 Server SP1
    cpe:2.3:o:microsoft:windows_2000:-:sp1:server
  • Microsoft Windows 2000 Advanced Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_server
  • Microsoft Windows 2000 Professional SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:professional
  • Microsoft Windows 2000 Server SP2
    cpe:2.3:o:microsoft:windows_2000:-:sp2:server
  • Microsoft Windows 2000 Advanced Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_server
  • Microsoft Windows 2000 Professional SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:professional
  • Microsoft Windows 2000 Server SP3
    cpe:2.3:o:microsoft:windows_2000:-:sp3:server
  • Microsoft Windows 2000 Advanced Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:advanced_server
  • Microsoft Windows 2000 Datacenter Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_server
  • Microsoft Windows 2000 Professional SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:professional
  • Microsoft Windows 2000 Server SP4
    cpe:2.3:o:microsoft:windows_2000:-:sp4:server
  • cpe:2.3:o:microsoft:windows_xp:-:home
    cpe:2.3:o:microsoft:windows_xp:-:home
  • cpe:2.3:o:microsoft:windows_xp:-:media_center
    cpe:2.3:o:microsoft:windows_xp:-:media_center
  • Microsoft Windows XP Professional Gold
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional
  • Microsoft Windows XP Service Pack 1 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp1:home
  • Microsoft windows xp_sp1 media_center
    cpe:2.3:o:microsoft:windows_xp:-:sp1:media_center
  • Microsoft Windows XP Service Pack 2 Home Edition
    cpe:2.3:o:microsoft:windows_xp:-:sp2:home
  • Microsoft windows xp_sp2 media_center
    cpe:2.3:o:microsoft:windows_xp:-:sp2:media_center
  • Microsoft windows xp_sp2 tablet_pc
    cpe:2.3:o:microsoft:windows_xp:-:sp2:tablet_pc
CVSS
Base: 5.0 (as of 19-07-2005 - 09:43)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description MS Windows Netman Service Local Denial of Service Exploit. CVE-2005-2307. Dos exploit for windows platform
id EDB-ID:1104
last seen 2016-01-31
modified 2005-07-14
published 2005-07-14
reporter bkbll
source https://www.exploit-db.com/download/1104/
title Microsoft Windows Netman Service Local Denial of Service Exploit
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS05-045.NASL
description The remote host contains a version of the Network Connection Manager that contains a denial of service vulnerability that could allow an attacker to disable the component responsible for managing network and remote access connections. To exploit this vulnerability, an attacker would need to send a malformed packet to the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 19998
published 2005-10-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19998
title MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
oval via4
  • accepted 2011-05-16T04:00:40.336-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1250
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Network Connection Manager Interruption of Service (Server 2003)
    version 68
  • accepted 2011-05-16T04:00:42.120-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1254
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Network Connection Manager Interruption of Service (Windows XP,SP1)
    version 67
  • accepted 2011-05-16T04:00:47.211-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1289
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Network Connection Manager Interruption of Service (Windows 2000)
    version 68
  • accepted 2011-05-16T04:01:15.142-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1532
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Network Connection Manager Interruption of Service (Windows XP,SP2)
    version 68
  • accepted 2011-05-16T04:03:29.430-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family windows
    id oval:org.mitre.oval:def:786
    status accepted
    submitted 2005-10-12T12:00:00.000-04:00
    title Network Connection Manager Interruption of Service (Server 2003,SP1)
    version 67
refmap via4
bid 14260
confirm http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
ms MS05-045
secunia
  • 16065
  • 17172
  • 17223
Last major update 10-09-2008 - 15:41
Published 19-07-2005 - 00:00
Last modified 12-10-2018 - 17:37
Back to Top