CVE-2015-0005 - The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and W

CVE-2015-0005

Summary

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*

CVSS

Base:	4.3 (as of 08-05-2019 - 22:03)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:A/AC:M/Au:N/C:P/I:P/A:N

msbulletin via4

bulletin_id	MS15-027
bulletin_url
date	2015-03-10T00:00:00
impact	Spoofing
knowledgebase_id	3002657
knowledgebase_url
severity	Important
title	Vulnerability in NETLOGON Could Allow Spoofing

refmap via4

confirm	https://www.samba.org/samba/history/samba-4.2.10.html
fulldisc	20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation
misc	http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation
sectrack	1031891

Last major update

08-05-2019 - 22:03

Published

11-03-2015 - 10:59

Last modified

08-05-2019 - 22:03