CVE-2005-2150 - Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

microsoft
nessus
Summary
Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 do not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Nessus
- NASL family: Windows
- NASL id: SMB_ENUM_SERVICES_NULL_SESSION.NASL
- description: This plugin connects to \srvsvc (instead of \svcctl) to enumerate the list of services running on the remote host on top of a NULL session. An attacker may use this feature to gain better knowledge of the remote host.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18585
- published: 2005-06-29
- reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/18585
- title: Microsoft Windows SMB Service Enumeration via \srvsvc

- NASL family: Windows
- NASL id: SMB_EVENT_LOG_NULL_SESSION.NASL
- description: It is possible to anonymously read the event logs of the remote Windows 2000 host by connecting to the \srvsvc pipe and binding to the event log service, OpenEventLog(). An attacker may use this flaw to anonymously read the system logs of the remote host. As system logs typically include valuable information, an attacker may use them to perform a better attack against the remote host.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 18602
- published: 2005-07-05
- reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/18602
- title: Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration
References
- http://www.hsc.fr/ressources/presentations/null_sessions/
- http://www.securityfocus.com/bid/14177
- http://www.securityfocus.com/bid/14178
- http://securitytracker.com/id?1014417
- http://secunia.com/advisories/14189
- http://marc.info/?l=bugtraq&m=112076409813099&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21286