Oval Definition:	oval:org.mitre.oval:def:1962
Revision Date: 2007-05-23 Version: 44 Title: Windows Server 2003 Negotiate Security Software Provider Denial of Service Vulnerability Description: The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2004-0119 Platform(s): Microsoft Windows Server 2003 Product(s): Negotiate Security Software Provider Definition Synopsis Software section Windows Server 2003 is installed AND The version of ipnathlp.dll is less than 5.2.3790.142 and 64-bit or 32-bit version of Windows is installed The version of ipnathlp.dll is less than 5.2.3790.142 and a 64 bit version of Windows is installed The version of ipnathlp.dll is less than 5.2.3790.142 AND a version of Windows for the ia64 architecture is installed OR The version of Ipnathlp.dll is less than 5.2.3790.142 and a 32-bit version of Windows is installed The version of ipnathlp.dll is less than 5.2.3790.142 AND 32-Bit version of Windows is installed AND NOT the patch kb835732 is installed AND Configuration section Negotiate is enabled
BACK