CVE-2005-2150

Sažetak

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

Reference

http://marc.info/?l=bugtraq&m=112076409813099&w=2
http://secunia.com/advisories/14189
http://securitytracker.com/id?1014417
http://www.hsc.fr/ressources/presentations/null_sessions/
http://www.securityfocus.com/bid/14177
http://www.securityfocus.com/bid/14178
https://exchange.xforce.ibmcloud.com/vulnerabilities/21286
https://exchange.xforce.ibmcloud.com/vulnerabilities/21288

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

11-07-2005 - 04:00