Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1519

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2001-1519
Last Modified 05 Sep 2008 04:26:45
Published 31 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1519

Summary

** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000


References

BID - 3185

XF - win2k-runas-pipe-authentication(7532)

BUGTRAQ - 20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103

BUGTRAQ - 20011112 RADIX1112200101


Last Updated: 27 May 2016 10:36:42