Vulnerabilities > CVE-2003-0507 - Unspecified vulnerability in Microsoft Windows 2000

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus

Summary

Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.

Vulnerable Configurations

Part Description Count
OS
Microsoft
1

Nessus

NASL familyWindows
NASL idSERVICE_PACK_NOT_INSTALLED.NASL
descriptionThe remote version of Microsoft Windows has no service pack or the one installed is no longer supported. As a result, it is likely to contain security vulnerabilities.
last seen2020-06-02
modified2007-10-05
plugin id26921
published2007-10-05
reporterThis script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/26921
titleWindows Service Pack Out-of-Date
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(26921);
 script_version("1.41");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

 script_cve_id(
  "CVE-1999-0662",
  "CVE-2003-0350",
  "CVE-2003-0507",
  "CVE-2007-1537"
 );
 script_bugtraq_id(
  7930,
  8090,
  8128,
  8154,
  10897,
  11202,
  12969,
  12972,
  13008,
  23025
 );

 script_name(english:"Windows Service Pack Out-of-Date");
 script_summary(english:"Determines the remote SP.");

 script_set_attribute(attribute:"synopsis", value:
"The remote system is not up to date.");
 script_set_attribute(attribute:"description", value:
"The remote version of Microsoft Windows has no service pack or the one
installed is no longer supported. As a result, it is likely to contain
security vulnerabilities.");
 script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/lifecycle");
 script_set_attribute(attribute:"solution", value:
"Install the latest service pack.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/07/02");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/05");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"Windows");

 script_copyright(english:"This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

 script_dependencies(
   "smb_reg_service_pack.nasl", "smb_reg_service_pack_W2K.nasl",
   "smb_reg_service_pack_XP.nasl", "smb_reg_service_pack_W2003.nasl",
   "smb_reg_service_pack_vista.nasl", "smb_reg_service_pack_win7.nasl",
   "smb_reg_service_pack_win8.nasl", "smb_reg_service_pack_win8_1.nasl",
   "os_fingerprint.nasl"
 );
 script_exclude_keys("SMB/not_windows");
 script_require_keys("SMB/WindowsVersion");

 exit(0);
}

include("audit.inc");
include("misc_func.inc");

if (get_kb_item("SMB/not_windows")) audit(AUDIT_OS_NOT, "Windows");


win_sp["4.0"] = "6a";
win_sp["5.0"] = "4";
win_sp["5.1"] = "3";
win_sp["5.2"] = "2";
win_sp["6.0"] = "2";
win_sp["6.1"] = "1";
win_sp["6.2"] = "0";
win_sp["6.3"] = "0";

win_min_sp["4.0"] = "6a";
win_min_sp["5.0"] = "4";
win_min_sp["5.1"] = "3";
win_min_sp["5.2"] = "2";
win_min_sp["6.0"] = "2";
win_min_sp["6.1"] = "1";
win_min_sp["6.2"] = "0";
win_min_sp["6.3"] = "0";

report = NULL;

win = get_kb_item("SMB/WindowsVersion");
if (win)
{
 port = get_kb_item("SMB/transport");
 if(!port)port = 445;

 sp = get_kb_item("SMB/CSDVersion");

os = get_kb_item_or_exit("Host/OS");
if ("Windows" >!< os)
  audit(AUDIT_HOST_NOT, "Windows");

 if (!sp)
   sp = "Service Pack 0";

 vers = ereg_replace(pattern:"^.*(Service Pack|Szervizcsomag) (.*)$", string:sp, replace:"\2");
 if (int(vers) < int(win_min_sp[win]))
   report = sp;

 if (report)
 {
  report = string ("\n",
		"The remote Windows ", win, " system has ", report , " applied.\n",
		"The system should have Service Pack ", win_sp[win], " installed.");

  security_hole(extra:report, port:port);
 } else exit(0, "The remote Windows install has the recommended service pack installed.");
} else exit(0, "The 'SMB/WindowsVersion' KB item is missing.");