CVE-2005-2150 - Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sess

CVE-2005-2150

Summary

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	14177 14178
bugtraq	20050707 NULL sessions vulnerabilities using alternate named pipes
misc	http://www.hsc.fr/ressources/presentations/null_sessions/
sectrack	1014417
secunia	14189
xf	win-name-pipe-null-information-disclosure(21286) win-pipe-null-eventlog-information-disclosure(21288)

Last major update

11-07-2017 - 01:32

Published

11-07-2005 - 04:00

Last modified

11-07-2017 - 01:32