CVE-2005-0051 - Remote Information Disclosure vulnerability in Microsoft Windows Named Pipe
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 3 |
Nessus
- NASL family: Windows
- NASL id: SMB_KB888302.NASL
- description: The remote version of Windows contains a flaw that may allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session. An attacker may exploit this flaw to gain more knowledge about the remote host.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16337
- published: 2005-02-10
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/16337
- title: MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) (uncredentialed check)
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16337);
  script_version("1.25");
  script_cvs_date("Date: 2018/11/15 20:50:28");

  script_cve_id("CVE-2005-0051");
  script_bugtraq_id(12486);
  script_xref(name:"MSFT", value:"MS05-007");
  script_xref(name:"MSKB", value:"888302");

  script_name(english:"MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) (uncredentialed check)");
  script_summary(english:"Determines if hotfix 888302 has been installed");

  script_set_attribute(attribute:"synopsis", value:
"System information about the remote host can be obtained by an anonymous user.");
  script_set_attribute(attribute:"description", value:
"The remote version of Windows contains a flaw that may allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session.

An attacker may exploit this flaw to gain more knowledge about the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-007");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows");

  script_dependencies("smb_nativelanman.nasl");
  script_require_ports(139,445);
  exit(0);
}

#

include ("smb_func.inc");
include("audit.inc");

os = get_kb_item ("Host/OS/smb") ;

# 'Officially', only XP is affected.
if ( ! os || "Windows 5.1" >!< os ) exit(0);

port = int(get_kb_item("SMB/transport"));
if (!port) port = 445;

if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');

# Connect to IPC$ and request session enumeration; a successful
# NetSessionEnum reply is what gets reported as the disclosure.
NetUseAdd (share:"IPC$");
if ( NetSessionEnum(level:SESSION_INFO_10) )
  security_warning(port);

NetUseDel ();
```
- NASL family: Windows : Microsoft Bulletins
- NASL id: SMB_NT_MS05-007.NASL
- description: The remote version of Windows contains a flaw that could allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session. An attacker may exploit this flaw to gain more knowledge about the remote host.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 16331
- published: 2005-02-09
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/16331
- title: MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
- code:

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16331);
  script_version("1.33");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  script_cve_id("CVE-2005-0051");
  script_bugtraq_id(12486);
  script_xref(name:"MSFT", value:"MS05-007");
  script_xref(name:"CERT", value:"939074");
  script_xref(name:"MSKB", value:"888302");

  script_name(english:"MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)");
  script_summary(english:"Determines if hotfix 888302 has been installed");

  script_set_attribute(attribute:"synopsis", value:"It is possible to disclose information about the remote host.");
  script_set_attribute(attribute:"description", value:
"The remote version of Windows contains a flaw that could allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session.

An attacker may exploit this flaw to gain more knowledge about the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-007");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Windows XP.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows : Microsoft Bulletins");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');
  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-007';
kb = '888302';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Only Windows XP SP1 and SP2 are in scope for this bulletin.
if (hotfix_check_sp_range(xp:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Check the Srvsvc.dll file version in \system32 against the version
# listed for each affected service pack.
if (
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Srvsvc.dll", version:"5.1.2600.1613", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Srvsvc.dll", version:"5.1.2600.2577", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
```
Oval
- accepted: 2011-05-16T04:02:27.926-04:00
- class: vulnerability
- contributors:
  - name: Jonathan Baker, organization: The MITRE Corporation
  - name: Jonathan Baker, organization: The MITRE Corporation
  - name: Dragos Prisaca, organization: Gideon Technologies, Inc.
  - name: Sudhir Gandhe, organization: Telos
  - name: Shane Shaffer, organization: G2, Inc.
- description: The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."
- family: windows
- id: oval:org.mitre.oval:def:2292
- status: accepted
- submitted: 2005-02-10T12:00:00.000-04:00
- title: Windows XP Named Pipe Vulnerability (32-bit architecture)
- version: 70

- accepted: 2011-05-16T04:02:41.614-04:00
- class: vulnerability
- contributors:
  - name: Jonathan Baker, organization: The MITRE Corporation
  - name: Sudhir Gandhe, organization: Telos
  - name: Shane Shaffer, organization: G2, Inc.
- description: The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."
- family: windows
- id: oval:org.mitre.oval:def:3055
- status: accepted
- submitted: 2005-02-10T12:00:00.000-04:00
- title: Windows XP Named Pipe Vulnerability (64-bit architecture)
- version: 68
References
- http://secunia.com/advisories/14189
- http://securitytracker.com/id?1013112
- http://www.kb.cert.org/vuls/id/939074
- http://www.securityfocus.com/bid/12486
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19093
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2292
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3055