CVE-2005-2150 - Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

047910
CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
network
low complexity
microsoft
nessus

Summary

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 do not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

Vulnerable Configurations

Part    Description    Count
OS      Microsoft      2

Nessus

  • NASL family: Windows
    NASL id: SMB_ENUM_SERVICES_NULL_SESSION.NASL
    description: This plugin connects to \srvsvc (instead of \svcctl) to enumerate the list of services running on the remote host on top of a NULL session. An attacker may use this feature to gain better knowledge of the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18585
    published: 2005-06-29
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18585
    title: Microsoft Windows SMB Service Enumeration via \srvsvc
  • NASL family: Windows
    NASL id: SMB_EVENT_LOG_NULL_SESSION.NASL
    description: It is possible to anonymously read the event logs of the remote Windows 2000 host by connecting to the \srvsvc pipe and binding to the event log service, OpenEventLog(). An attacker may use this flaw to anonymously read the system logs of the remote host. As system logs typically include valuable information, an attacker may use them to perform a better attack against the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18602
    published: 2005-07-05
    reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18602
    title: Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration