Vulnerabilities > CVE-2005-2307 - Local Denial of Service vulnerability in Microsoft Windows 2000 and Windows XP

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
nessus
exploit available

Summary

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."

Vulnerable Configurations

Part Description Count
OS
Microsoft
13

Exploit-Db

description: MS Windows Netman Service Local Denial of Service Exploit. CVE-2005-2307. DoS exploit for Windows platform
id: EDB-ID:1104
last seen: 2016-01-31
modified: 2005-07-14
published: 2005-07-14
reporter: bkbll
source: https://www.exploit-db.com/download/1104/
title: Microsoft Windows Netman Service Local Denial of Service Exploit

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS05-045.NASL
description: The remote host contains a version of the Network Connection Manager that contains a denial of service vulnerability that could allow an attacker to disable the component responsible for managing network and remote access connections. To exploit this vulnerability, an attacker would need to send a malformed packet to the remote host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19998
published: 2005-10-11
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19998
title: MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata (identifiers, cross-references, report text, scoring and
# prerequisites) and leaves through the exit(0) at the end of this block,
# before any of the host checks further down are reached.
if (description)
{
 script_id(19998);
 script_version("1.31");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # Cross-references: CVE, Bugtraq ID, Microsoft bulletin, public exploit
 # listing and the KB article whose presence the check looks for.
 script_cve_id("CVE-2005-2307");
 script_bugtraq_id(14260);
 script_xref(name:"MSFT", value:"MS05-045");
 script_xref(name:"EDB-ID", value:"1104");
 script_xref(name:"MSKB", value:"905414");

 script_name(english:"MS05-045: Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)");
 # The summary states what is tested: presence of update 905414, not the
 # crash condition itself.
 script_summary(english:"Determines the presence of update 905414");

 # NOTE(review): the report text below says exploitation requires a malformed
 # packet sent to the remote host, while the CVE summary for CVE-2005-2307
 # describes a crash triggered by local users. Confirm the required access
 # level per OS against the MS05-045 bulletin before relying on either wording.
 script_set_attribute(attribute:"synopsis", value:
"A flaw in the remote network connection manager could allow an attacker
to cause a denial of service on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Network Connection Manager
that contains a denial of service vulnerability that could allow an
attacker to disable the component responsible for managing network and
remote access connections.

To exploit this vulnerability, an attacker would need to send a
malformed packet to the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-045");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 # CVSS v2 base vector: network access, low complexity, no authentication,
 # no confidentiality or integrity impact, partial availability impact.
 # NOTE(review): AV:N/Au:N is the least restrictive reading of this issue;
 # see the access-level question noted above when using the score to
 # prioritise remediation.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 # Temporal vector: proof-of-concept exploit code, official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 # Public disclosure (2005/07/14) predates the patch (2005/10/11) by roughly
 # three months; the plugin was published on the patch date.
 script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/14");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/11");

 # "local" plugin type: the check below compares file versions and patch data
 # read from the host rather than sending the malformed input, so it
 # presumably needs credentialed access to produce a result - confirm.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 # Declared as an information-gathering check (ACT_GATHER_INFO).
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the two scripts below presumably populate the KB entries
 # read later in this file - confirm. The required-ports list mixes the SMB
 # ports 139 and 445 with the KB key name 'Host/patch_management_checks'.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Preconditions for the MS05-045 file-version check. Each step either
# continues or leaves the script; none of them marks the host as patched.

# Stop unless bulletin checks were flagged as possible for this host
# (get_kb_item_or_exit presumably exits when the KB entry is absent - confirm).
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# Bulletin and KB article identifiers reused by the calls in this script.
bulletin = 'MS05-045';
kb = '905414';

kbs = make_list(kb);
# If patch-management data was collected for the host, pass the bulletin/KB
# pair to hotfix_check_3rd_party with SECURITY_WARNING severity. As far as
# this file shows, execution then continues into the SMB-based path below.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# The SMB path needs the registry-enumeration flag and the Windows version in
# the KB; exit_code:1 is passed for the missing-version case.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Only hosts inside the listed ranges proceed; the quoted pairs look like
# minimum,maximum service-pack levels per OS - confirm in smb_hotfixes.inc.
# NOTE(review): everything else is audited as AUDIT_OS_SP_NOT_VULN without a
# file check, so that result means "outside the scope of this check", not
# "verified patched". Hosts on other service-pack levels need separate review.
if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# The file comparison needs the system root and a readable share derived from
# it. Both failure paths (exit code 1, AUDIT_SHARE_FAIL) leave the host
# unassessed rather than cleared.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Compare netman.dll under \system32 against one version per OS / service
# pack: os "5.2" is Server 2003 (SP0, SP1), "5.1" is Windows XP (SP1, SP2) and
# "5.0" is Windows 2000. The version string is presumably the patched build,
# with an older file on disk counted as missing KB 905414 - confirm against
# smb_hotfixes_fcheck.inc.
# NOTE(review): both Server 2003 rows are restricted to arch:"x86", so other
# Server 2003 architectures are not compared here - confirm that is intended.
if (
  hotfix_is_vulnerable(os:"5.2", sp:0, arch:"x86", file:"netman.dll", version:"5.2.3790.396", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, arch:"x86", file:"netman.dll", version:"5.2.3790.2516", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"netman.dll", version:"5.1.2600.1733", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"netman.dll", version:"5.1.2600.2743", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0",       file:"netman.dll", version:"5.0.2195.7061", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  # A row matched: record the missing bulletin in the KB under
  # "SMB/Missing/MS05-045", report at warning level, close the file-version
  # check session and exit with code 0.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # No row matched: close the file-version check session and audit the host
  # as not affected. This covers only the OS / service-pack / architecture
  # rows listed in the condition above.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted: 2011-05-16T04:00:40.336-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:1250
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: Network Connection Manager Interruption of Service (Server 2003)
    version: 69
  • accepted: 2011-05-16T04:00:42.120-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:1254
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: Network Connection Manager Interruption of Service (Windows XP,SP1)
    version: 68
  • accepted: 2011-05-16T04:00:47.211-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: John Hoyland
      organization: Centennial Software
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:1289
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: Network Connection Manager Interruption of Service (Windows 2000)
    version: 69
  • accepted: 2011-05-16T04:01:15.142-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Dragos Prisaca
      organization: Gideon Technologies, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:1532
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: Network Connection Manager Interruption of Service (Windows XP,SP2)
    version: 69
  • accepted: 2011-05-16T04:03:29.430-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
    family: windows
    id: oval:org.mitre.oval:def:786
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: Network Connection Manager Interruption of Service (Server 2003,SP1)
    version: 68