Vulnerability CVE-2004-0567 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0567 (CCN-18258)

Assigned:

2004-11-26

Published:

2004-11-26

Updated:

2019-04-30

Summary:

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2004-0567

Source: CCN
Type: SA13466
Microsoft Windows WINS "Name" Validation Vulnerability

Source: SECUNIA
Type: UNKNOWN
13466

Source: CCN
Type: SECTRACK ID: 1012517
Microsoft WINS Buffer Overflow in Name Value Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1012517

Source: CCN
Type: Microsoft Knowledge Base Article 890710
How to help protect against a WINS security issue

Source: CIAC
Type: Patch, Vendor Advisory
P-054

Source: CCN
Type: US-CERT VU#378160
Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#378160

Source: CCN
Type: Microsoft Corporation Web site
Windows Internet Name Service (WINS)

Source: CCN
Type: Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (870763)

Source: CCN
Type: Microsoft Security Bulletin MS08-034
Vulnerability in WINS Could Allow Elevation of Privilege (948745)

Source: CCN
Type: Microsoft Security Bulletin MS09-008
Vulnerabilities in DNS and WINS server could allow Spoofing (962238)

Source: OSVDB
Type: UNKNOWN
12370

Source: CCN
Type: OSVDB ID: 12370
Microsoft Windows WINS Computer Name Validation Remote Code Execution

Source: BID
Type: UNKNOWN
11922

Source: CCN
Type: BID-11922
Microsoft Windows WINS Name Value Handling Remote Buffer Overflow Vulnerability

Source: MS
Type: UNKNOWN
MS04-045

Source: XF
Type: UNKNOWN
wins-updateversionrequest-bo(18258)

Source: XF
Type: UNKNOWN
wins-memory-pointer-hijack(18259)

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:terminal_server:*:x86:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:server:*:x86:*

Configuration CCN 1:

cpe:/o:microsoft:windows_nt:4.0::terminal_server:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:-:*:*:advanced_server:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable