Vulnerabilities > CVE-1999-0520

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
nessus

Summary

A system-critical NETBIOS/SMB share has inappropriate access control.

Nessus

  • NASL family: Windows
    NASL id: SMB_NULL_SESSION.NASL
    description: The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or password). Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to get information about the remote host.
    last seen: 2020-03-18
    modified: 2007-10-04
    plugin id: 26920
    published: 2007-10-04
    reporter: This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26920
    title: Microsoft Windows SMB NULL Session Authentication
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    include('compat.inc');
    
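    # Registration phase: when the scanner loads the plugin with `description`
    # set, only the metadata below is declared and the script exits before the
    # check itself runs.
    if (description)
    {
      script_id(26920);
      script_version("1.34");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      # CVE and Bugtraq ids this finding is reported under.
      script_cve_id("CVE-1999-0519", "CVE-1999-0520", "CVE-2002-1117");
      script_bugtraq_id(494);
    
      script_name(english:"Microsoft Windows SMB NULL Session Authentication");
      script_summary(english:"Attempts to log into the remote host using a NULL session");
    
      script_set_attribute(attribute:"synopsis", value:"It is possible to log into the remote Windows host with a NULL 
      session.");
      script_set_attribute(attribute:"description", value:"The remote host is running Microsoft Windows. It is possible to 
      log into it using a NULL session (i.e., with no login or password).
    
      Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to 
      get information about the remote host.");
      # https://support.microsoft.com/en-us/help/143474/restricting-information-available-to-anonymous-logon-users
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5c2589f6");
      # https://support.microsoft.com/en-us/help/246261
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?899b4072");
      # http://technet.microsoft.com/en-us/library/cc785969(WS.10).aspx
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a33fe205");
      # NOTE(review): the check further down reports only when an anonymous
      # session can bind the \browser pipe. Anonymous pipe access is also
      # governed by the NullSessionPipes list under lanmanserver\parameters;
      # confirm that list when verifying the remediation below.
      script_set_attribute(attribute:"solution", value:
      "Apply the following registry changes per the referenced Technet advisories :
        Set : 
          - HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
          - HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1
    
      Reboot once the registry changes are complete.");
      # The plugin's own CVSS v3 and v2 vectors; both include an availability
      # impact (A:L / A:P).
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # The score source is one of the ids registered with script_cve_id()
      # above; a 2019-dated id would not match the 1999 vulnerability date below.
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-1999-0519");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/04");
      script_set_attribute(attribute:"vuln_publication_date", value:"1999/07/14");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();
    
      # Registered as an information-gathering check in the Windows family.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Depends on smb_login.nasl and requires the SMB/null_session_enabled
      # KB item and an SMB port (139 or 445).
      script_dependencies("smb_login.nasl");
      script_require_keys("SMB/null_session_enabled");
      script_require_ports(139, 445);
    
      # Leave here during registration so the check below does not run.
      exit(0);
    }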
    
    include("smb_func.inc");
    include("misc_func.inc");
    
    # Continue only when the SMB/null_session_enabled KB item is set.
    get_kb_item_or_exit("SMB/null_session_enabled");
    
    port = kb_smb_transport();
    # The SMB session below is initialised with the host's NetBIOS name.
    name = kb_smb_name();
    if (!name) exit(0);
    
    soc = open_sock_tcp(port);
    if (!soc) exit(0);
    
    session_init(socket:soc, hostname:name);
    
    # Connect to IPC$ with an empty login, password and domain.
    rc = NetUseAdd(login:"", password:"", domain:"", share:"IPC$");
    if (rc == 1)
    {
      # The finding is raised only if the anonymous session can also bind
      # the \browser pipe; a successful IPC$ connect alone is not reported.
      pipe_handle = bind_pipe(pipe:"\browser", uuid:"6bffd098-a112-3610-9833-012892020162", vers:0);
      if (!isnull(pipe_handle))
        security_hole(port:port, extra:"It was possible to bind to the \browser pipe");
    
      NetUseDel();
    }
    else
    {
      # IPC$ connect was refused: release the socket and finish without a report.
      close(soc);
      exit(0);
    }
    
  • NASL family: Windows
    NASL id: SMB_ACCESSIBLE_SHARES_UNPRIV.NASL
    description: The remote has one or more Windows shares that can be accessed through the network with the given credentials. Depending on the share rights, it may allow an attacker to read/write confidential data.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42411
    published: 2009-11-06
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42411
    title: Microsoft Windows SMB Shares Unprivileged Access
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    # Registration phase: declares the plugin's metadata and exits; the
    # reporting statements after this block run only during the scan itself.
    if(description)
    {
     script_id(42411);
     script_version ("1.8");
    
     # CVE and Bugtraq ids this finding is reported under.
     script_cve_id("CVE-1999-0519", "CVE-1999-0520");
     script_bugtraq_id(8026);
    
     script_name(english:"Microsoft Windows SMB Shares Unprivileged Access");
     script_summary(english:"Reports up to 100 remote accessible shares");
     
     script_set_attribute(attribute:"synopsis", value:
    "It is possible to access a network share." );
     script_set_attribute(attribute:"description", value:
    "The remote has one or more Windows shares that can be accessed through
    the network with the given credentials. 
    
    Depending on the share rights, it may allow an attacker to read/write
    confidential data." );
     # NOTE(review): the remediation text covers share permissions only;
     # filesystem ACLs on the shared folders are a separate control, so
     # review both when acting on this finding.
     script_set_attribute(attribute:"solution", value:
    "To restrict access under Windows, open Explorer, do a right click on
    each share, go to the 'sharing' tab, and click on 'permissions'." );
     # CVSS v2 base and temporal vectors as rated by the plugin.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
     script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/06");
     script_set_attribute(attribute:"vuln_publication_date", value: "1999/07/14");
     script_cvs_date("Date: 2018/07/27 18:38:15");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
     
     # Registered as an information-gathering check.
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows");
     
     # Depends on smb_accessible_shares.nasl and requires both KB items below;
     # presumably that dependency is what stores them — verify against it.
     script_dependencies("smb_accessible_shares.nasl");
     script_require_keys("/tmp/10396/report", "/tmp/10396/port");
     # Leave here during registration so the reporting code does not run.
     exit(0);
    }
    
    # This script performs no SMB traffic of its own: it re-reports the share
    # list and port already stored in the KB under /tmp/10396/.
    rep = get_kb_item("/tmp/10396/report");
    port = get_kb_item("/tmp/10396/port");
    
    # Both items must be present, otherwise nothing is reported.
    if (port)
    {
      if (rep)
        security_hole(port: port, extra: rep);
    }