Vulnerabilities > CVE-2005-1981 - Unspecified vulnerability in Microsoft Windows 2000 and Windows 2003 Server

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
microsoft
nessus

Summary

Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.

Vulnerable Configurations

Part Description Count
OS
Microsoft
2

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS05-042.NASL
descriptionThe remote host contains a version of the Kerberos protocol that contains multiple security flaws that could allow an attacker to crash the remote service (AD), disclose information or spoof a session. An attacker would need valid credentials to exploit these flaws.
last seen2020-06-01
modified2020-06-02
plugin id19405
published2005-08-09
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19405
titleMS05-042: Vulnerability in Kerberos Could Allow Denial of Service, Information Disclosure and Spoofing (899587)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(19405);
 script_version("1.34");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2005-1981", "CVE-2005-1982");
 script_bugtraq_id (14519, 14520);
 script_xref(name:"MSFT", value:"MS05-042");
 script_xref(name:"CERT", value:"477341");
 script_xref(name:"CERT", value:"610133");
 script_xref(name:"MSKB", value:"899587");

 script_name(english:"MS05-042: Vulnerability in Kerberos Could Allow Denial of Service, Information Disclosure and Spoofing (899587)");
 script_summary(english:"Determines the presence of update 899587");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to crash the remote service or disclose information.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Kerberos protocol that
contains multiple security flaws that could allow an attacker to crash
the remote service (AD), disclose information or spoof a session.

An attacker would need valid credentials to exploit these flaws.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-042");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/09");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-042';
kb = '899587';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"kerberos.dll", version:"5.2.3790.347", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"kerberos.dll", version:"5.2.3790.2464", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"kerberos.dll", version:"5.1.2600.1701", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"kerberos.dll", version:"5.1.2600.2698", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", sp:4, file:"kerberos.dll", version:"5.0.2195.7053", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted2011-05-16T04:00:05.520-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameAnna Min
      organizationBigFix, Inc
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
    familywindows
    idoval:org.mitre.oval:def:100095
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleWindows 2000 Kerberos Message DoS Vulnerability
    version69
  • accepted2011-05-16T04:00:06.276-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
    familywindows
    idoval:org.mitre.oval:def:100097
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleWindows XP,SP1 (32-bit) Kerberos Message DoS Vulnerability
    version68
  • accepted2011-05-16T04:00:06.907-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameDragos Prisaca
      organizationGideon Technologies, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
    familywindows
    idoval:org.mitre.oval:def:100099
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleWindows XP,SP2 Kerberos Message DoS Vulnerability
    version69
  • accepted2011-05-16T04:00:07.614-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
    familywindows
    idoval:org.mitre.oval:def:100101
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleWindows XP,SP1 (64-bit) Kerberos Message DoS Vulnerability
    version68
  • accepted2011-05-16T04:00:08.267-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
    familywindows
    idoval:org.mitre.oval:def:100103
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleServer 2003 Kerberos Message DoS Vulnerability
    version69
  • accepted2011-05-16T04:00:08.869-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
    familywindows
    idoval:org.mitre.oval:def:100105
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titleServer 2003,SP1 Kerberos Message DoS Vulnerability
    version68