Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0860

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0860
Last Modified 05 Sep 2008 04:25:06
Published 06 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0860

Summary

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Xp


References

BUGTRAQ - 20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing

XF - win-terminal-spoof-address(7538)

BID - 3541


Last Updated: 27 May 2016 10:36:26