Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2150

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2150
Last Modified 05 Sep 2008 04:51:01
Published 11 Jul 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2150

Summary

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Nt 4.0


References

MISC - http://www.hsc.fr/ressources/presentations/null_sessions/

BUGTRAQ - 20050707 NULL sessions vulnerabilities using alternate named pipes

XF - win-pipe-null-eventlog-information-disclosure(21288)

XF - win-name-pipe-null-information-disclosure(21286)

BID - 14178

BID - 14177

SECTRACK - 1014417

SECUNIA - 14189


Last Updated: 27 May 2016 10:40:25