Vulnerabilities > CVE-2006-5584 - Unspecified vulnerability in Microsoft Windows 2000
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS06-077.NASL |
| description | The remote host is running a version of TFTPD installed by the Remote Installation Service that allows everyone to overwrite files on the remote host. An attacker may exploit this flaw to replace SYSTEM files and execute arbitrary code on this host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23839 |
| published | 2006-12-12 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/23839 |
| title | MS06-077: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) |
Oval
| accepted | 2011-05-09T04:01:31.336-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:375 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2006-12-13T08:17:04 | ||||||||||||||||
| title | RIS Writable Path Vulnerability | ||||||||||||||||
| version | 25 |
References
- http://secunia.com/advisories/23312
- http://secunia.com/advisories/23312
- http://securitytracker.com/id?1017368
- http://securitytracker.com/id?1017368
- http://www.kb.cert.org/vuls/id/238064
- http://www.kb.cert.org/vuls/id/238064
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/bid/21495
- http://www.securityfocus.com/bid/21495
- http://www.us-cert.gov/cas/techalerts/TA06-346A.html
- http://www.us-cert.gov/cas/techalerts/TA06-346A.html
- http://www.vupen.com/english/advisories/2006/4970
- http://www.vupen.com/english/advisories/2006/4970
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-077
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-077
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A375
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A375